CapraRAT for Android Targets Indian Officials
Many of the malware families that major antivirus vendors report are not meant to be used against regular computer users. Instead, they are the products of highly-sophisticated cybercrime groups, which go after specific targets. Such is the case of the CapraRAT, a new Remote Access Trojan (RAT) compatible with Android devices. According to researchers, it has some resemblance with the CrimsonRAT Windows Trojan. Currently, the CapraRAT is being used in targeted attacks against military and diplomatic individuals/organizations in India.
Android Trojans have been becoming more and more common in recent years, as most people rely heavily on their phones for all sorts of things. The goal of the CapraRAT, and other threats of this type, is to gain control over the device. Typically, the escalated permissions of the malware are used to steal files, spy on users, and exfiltrate other sensitive information. It is not uncommon for threats like the CapraRAT to also have the ability to collect contacts and text messages, or even to record phone calls.
The criminals behind the campaign are abusing phishing techniques to get their targets to interact with malicious files. It seems that the CapraRAT was often disguised as a fake APK file posing as a legitimate video player or social media app for Android. However, instead of real software, the victim would be getting a Trojan installed on their device. The links to these bogus apps were often promoted via text messages, social media, or other phishing content. The spread of Android Trojans like this one once again underlines how important it is to protect your smartphone against malware. Using an up-to-date antivirus app for Android is a great way to ensure that you are not being spied on.