This malicious fake YouTube app could hijack your phone and record all your secrets
Avid mobile YouTube users, especially those engaged in diplomacy work in Pakistan and India, should be very careful when downloading the famed video app, as experts have uncovered at least three fake YouTube apps that are, in fact, remote access trojans (RAT), going after their data.
Cybersecurity researchers from SentinelLabs recently observed a threat actor known as Transparent Tribe (APT36), likely using social channels and fake landing pages to distribute apps that look like YouTube but are instead malware known as CapraRAT. The apps aren’t found in the official Google Play Store, Google confirmed to the media.
This remote access trojan can steal all sorts of sensitive data from the endpoint (SMS messages, call logs, GPS data, etc.), but also record audio and video and send it to its operators. It can also grab screenshots, override system settings and modify files on the device’s filesystem. All of that is enough, among other things, to run successful identity theft campaigns, phishing attacks, and social engineering attacks, not to mention outright data theft.
Active for years
Two of the apps are simply named YouTube, while the third one is called Piya Sharma – after an Indian anchor and influencer, and most likely used in romance-based fraud. All apps request extensive permissions at installation, which should be enough of a red flag for most people. If that wasn’t enough, the apps look more like a web browser than a native app and miss some of the features present in the legitimate YouTube app.
SentinelLabs says APT36 is most likely aligned with the Pakistani government and targets Indian defense and government entities, human rights activists, diplomats engaged in the Kashmir region, and similar targets.
The group has been active since at least 2018, and was observed earlier this year distributing CapraRAT apps disguised as dating services. To avoid falling for the trick, always download apps from official repositories only (for example, Google Play Store, or the Galaxy Store), and be wary of any permissions the apps request at installation.
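The permission red flag described above can be checked before an app is installed. The following is an added example, not code from SentinelLabs or the original article: it audits a decoded AndroidManifest.xml, flags an app labelled YouTube that ships under a package name other than the official one, and maps requested permissions to the capabilities the article lists. The sample manifest, its package name, and the three-capability threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OFFICIAL_YOUTUBE_PKG = "com.google.android.youtube"  # package name of Google's app

# Capability named in the article -> Android permissions that grant it.
RISKY = {
    "SMS messages": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call logs": {"android.permission.READ_CALL_LOG"},
    "GPS data": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "audio recording": {"android.permission.RECORD_AUDIO"},
    "video recording": {"android.permission.CAMERA"},
}

# Constructed sample: a decoded manifest with a literal label (real apps often
# use a @string/ reference that must be resolved first).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.videoplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="YouTube"/>
</manifest>"""

def audit_manifest(manifest_xml):
    """Return the capabilities an app requests and whether it looks suspicious."""
    # The manifest comes from an untrusted APK: refuse DTDs (entity expansion).
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("manifest contains a DTD; refusing to parse")
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    label = app.get(ANDROID_NS + "label", "") if app is not None else ""
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    capabilities = sorted(c for c, perms in RISKY.items() if perms & requested)
    impersonates = "youtube" in label.lower() and package != OFFICIAL_YOUTUBE_PKG
    # Assumed heuristic: brand impersonation, or three or more risky capabilities.
    suspicious = impersonates or len(capabilities) >= 3
    return {"package": package, "label": label, "capabilities": capabilities,
            "impersonates_youtube": impersonates, "suspicious": suspicious}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A package name can be spoofed in a sideloaded APK, so a clean result here does not replace verifying the signing certificate or installing from an official store.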