According to a recent report, the Pakistan-based APT group Transparent Tribe is using a backdoored version of the Indian government-mandated 2FA software Kavach to target Linux users. This is the latest in a string of attacks by the group that have taken advantage of weaponized attachments and trojanized versions of Kavach to deploy a variety of malware, such as CrimsonRAT and LimePad, in order to harvest valuable information. Transparent Tribe, which is also tracked as APT36, Operation C-Major, PROJECTM, and Mythic Leopard, has a long history of targeting Indian government organizations, military personnel, defense contractors, and educational entities. The recent shift to targeting Linux users indicates an attempt by the group to expand its attack spectrum beyond the Windows and Android ecosystems.