CapraRAT Android Backdoor Campaign

Updated: Mar 8



In February of 2022, a group known as Transparent Tribe was linked to an ongoing cyber espionage campaign that targeted Indian and Pakistani Android users with a backdoor called CapraRAT. This backdoor was distributed via trojanized secure messaging and calling apps branded as MeetsApp and MeetUp. It's estimated that as many as 150 victims, likely with military or political leanings, were targeted. The malware (com.meetup.app) was available to download from fake websites that masqueraded as the official distribution centers of these apps.


It's suspected that the targets were lured through a honeytrap romance scam in which the threat actor approaches victims on another platform and persuades them to install the malware-laced apps under the pretext of "secure" messaging and calling. The apps did offer the promised functionality, but they also came implanted with CapraRAT, a modified version of the open-source AndroRAT that was first documented by Trend Micro. This version of the malware exhibits overlaps with a Windows malware known as CrimsonRAT. The backdoor is packed with an extensive set of features that allows it to take screenshots and photos, record phone calls and surrounding audio, and exfiltrate other sensitive information. It can also make calls, send SMS messages, and receive commands to download files.


This is just one example of the many ways that threat actors are using malware to target victims. It's important to be aware of the methods that these groups are using to infect devices in order to better protect yourself and your data.
