CapraRat Android remote access trojan

CapraRat is a new Android remote access trojan that relays data from a target device back to the hackers. The malware is often disguised in

The latest addition to its toolkit is yet another custom Android RAT that is deployed via phishing links. According to security experts

According to Trend Micro’s research, CapraRAT is being operated by a hacker group known as Earth Karkaddan. Over the years, multiple cybersecurity agencies,

The CapraRat threat is a fully-featured Android RAT (Remote Access Trojan) designed to be deployed as a part of cyberespionage attacks

A politically motivated advanced persistent threat (APT) group has expanded its malware arsenal to include a new remote access trojan (RAT) in its espionage attacks aimed at Indian military and diplomatic entities.

Called CapraRat by Trend Micro, the implant is an Android RAT that exhibits a high “degree of crossover” with another Windows malware known as CrimsonRAT that’s associated with Earth Karkaddan, a threat actor that’s also tracked under the monikers APT36, Operation C-Major, PROJECTM, Mythic Leopard, and Transparent Tribe.

CrimsonRAT is fashioned as a .NET binary whose main purpose is to obtain and exfiltrate information from targeted Windows systems, including screenshots, keystrokes, and files from removable drives, and upload them to the attacker’s command-and-control server.

The new addition to its toolset is yet another custom Android RAT that’s deployed by means of phishing links. CapraRAT, which is disguised as a YouTube app, is said to be a modified version of an open-source RAT called AndroRAT and comes with a variety of data exfiltration functions, including the ability to harvest victims’ locations, phone logs, and contact information.

Our static analysis indicated that the malware steals sensitive data such as Contacts, SMSs, Call logs, and location. Besides recording calls and microphone audio, the malware also deletes files, sends SMSs, makes calls, takes pictures from the camera, etc., based on the commands received from the C&C server.

Given the sensitive nature of the data being accessed and the APT group suspected to be behind it, CapraRAT could have severe national security implications for Indian diplomatic and defense infrastructure.

Threat actors (TAs) constantly adapt their methods to avoid detection and find new ways to target users through increasingly sophisticated techniques. Such malicious applications often masquerade as legitimate applications to trick users into installing them. This makes it imperative for users to install applications only after verifying their authenticity. Apps should be installed only via the official Google Play Store and other trusted portals to avoid such attacks.
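As a defender-side illustration that is not code from any of the reports quoted here, the added Python example below scores an installed-app inventory against the capability profile described above: the Android permissions behind contacts, SMS, call-log, location, microphone and camera access; an app labelled "YouTube" whose package is not Google's; and sideloading. The inventory is constructed, the com.example.* package names are made up, and the cut-off of five permissions is an assumption.

```python
from dataclasses import dataclass, field

# Permissions behind the capabilities the reports attribute to CapraRAT:
# contacts, SMS (read/send), call logs, placing calls, location, mic, camera.
CAPABILITY_PERMS = {
    "READ_CONTACTS": "contacts", "READ_SMS": "SMS", "SEND_SMS": "send SMS",
    "READ_CALL_LOG": "call logs", "CALL_PHONE": "place calls",
    "ACCESS_FINE_LOCATION": "location", "RECORD_AUDIO": "microphone",
    "CAMERA": "camera",
}
OFFICIAL_PACKAGE = {"youtube": "com.google.android.youtube"}  # impersonated app
SPYWARE_THRESHOLD = 5  # assumed cut-off for "too many surveillance permissions"

@dataclass
class InstalledApp:
    package: str
    label: str
    granted: set = field(default_factory=set)   # permission names sans prefix
    from_play_store: bool = True

def triage(app):
    """Return (score, reasons); score counts independent red flags."""
    reasons = []
    caps = sorted(CAPABILITY_PERMS[p] for p in app.granted if p in CAPABILITY_PERMS)
    if len(caps) >= SPYWARE_THRESHOLD:
        reasons.append("surveillance permission set: " + ", ".join(caps))
    official = OFFICIAL_PACKAGE.get(app.label.strip().lower())
    if official and app.package != official:
        reasons.append(f"labelled '{app.label}' but package is {app.package}, not {official}")
    if not app.from_play_store:
        reasons.append("sideloaded, not installed from Google Play")
    return len(reasons), reasons

def rank(apps):
    """Packages with at least one red flag, most suspicious first."""
    flagged = [(app.package, *triage(app)) for app in apps]
    return sorted([f for f in flagged if f[1]], key=lambda f: -f[1])

# Constructed inventory; the com.example.* packages are made up.
SAMPLE_APPS = [
    InstalledApp("com.google.android.youtube", "YouTube", {"CAMERA", "RECORD_AUDIO"}),
    InstalledApp("com.example.youtube.player", "YouTube", set(CAPABILITY_PERMS),
                 from_play_store=False),
    InstalledApp("com.example.chat", "Chat",
                 {"READ_CONTACTS", "READ_SMS", "SEND_SMS", "CAMERA", "RECORD_AUDIO"}),
]

if __name__ == "__main__":
    for package, score, reasons in rank(SAMPLE_APPS):
        print(f"{package}: {score} flag(s); " + "; ".join(reasons))
```

The permission list can be fed from `adb shell dumpsys package <pkg>` output or an MDM export; the heuristic is a triage aid, not a verdict.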

How To Prevent Malware Infection?

  • Download and install software only from official app stores like Google Play Store or the iOS App Store.
  • Use a reputed anti-virus and internet security software package on your connected devices, such as PCs, laptops, and mobile devices.
  • Use strong passwords and enforce multi-factor authentication wherever possible.
  • Enable biometric security features such as fingerprint or facial recognition for unlocking the mobile device where possible.
  • Be wary of opening any links received via SMS or emails delivered to your phone.
  • Ensure that Google Play Protect is enabled on Android devices.
  • Be careful while enabling any permissions.
  • Keep your devices, operating systems, and applications updated.

A hacker group known for targeting Indian military and diplomatic personnel has reportedly come up with new malware for targeting Android devices. Called CapraRat, the new remote access trojan (RAT) is able to steal data points like location information, phone number and call history, unique identification number and more. It can even access the camera and microphone on an infected device to relay information back to the threat actors.
