
Transparent Tribe APT uses 2FA tool as ruse to deliver Linux backdoor

According to a recent report, the Pakistan-based APT group Transparent Tribe is using a backdoored version of the Indian government-mandated 2FA software Kavach to target Linux users. This is the latest in a string of attacks by the group that have taken advantage of weaponized attachments and trojanized versions of Kavach to deploy a variety of malware, such as CrimsonRAT and LimePad, in order to harvest valuable information. Transparent Tribe, which is also tracked as APT36, Operation C-Major, PROJECTM, and Mythic Leopard, has a long history of targeting Indian government organizations, military personnel, defense contractors, and educational entities. The recent shift to targeting Linux users indicates an attempt by the group to expand its attack spectrum beyond the Windows and Android ecosystems.

