Be careful what you download! Copies of the YouTube app for Android are currently spreading across the Internet, carrying the CapraRAT malware with them. Its specialty? It spies on your every move.
Few people do not have the YouTube app on their smartphone. Yet fake applications imitating the famous platform are spreading on the Internet and, despite everything, succeed in deceiving users. The least we can say is that the consequences are dire for the victims. Security researchers from SentinelLabs have discovered three corrupted versions of the YouTube app for Android. These use the platform’s logo and mimic its interface as best they can, although they look more like a web browser than a native app. They also include most, but not all, of the functionality of the official YouTube website. And, of course, they carry malware. Fortunately, they are not found on the Play Store, as they are available only as APK files to download.
CapraRAT: Malware that spies on everything
Researchers found malware called CapraRAT in the code of the cloned applications. As the name suggests (RAT stands for remote access trojan), it can remotely control a system, here the Android operating system, through extremely intrusive permissions that the victim grants without any suspicion; it is YouTube, after all. All it has to do then is steal sensitive data from the infected device. It can listen to conversations using the microphone, take screenshots, take photos using the smartphone’s various sensors, and pull up messages, photos, videos and call history. All this information is transferred to remote servers. Worse still, CapraRAT can, without the victim’s knowledge, make phone calls, send SMS messages, bypass system settings (GPS, network…) and even modify files on the system. In short, the malware has access to a wide range of highly sensitive information, such as passwords, intimate or compromising photos, banking details, and even the contents of digital wallets.
Researchers believe that these hacked apps come from Pakistan, and more specifically from the hacker group APT36, also known as Transparent Tribe. The group is known to use malicious Android applications to attack government and military agencies, especially Indian ones, with unofficial support from the authorities. It specifically targets organizations dealing with the affairs of the Kashmir region, as well as human rights activists in Pakistan.
For this reason, you should always download apps from an official store, such as the Play Store or App Store, keeping in mind that downloading an app from an official store does not mean you are exposed to no risk at all. It is also recommended to install only the apps you need and to delete the ones you no longer use. Before downloading, it is better to check the small details that might raise an alert: reviews, developer name, permission requests… In any case, it is better to have an antivirus running in the background to double-check for any malicious behavior.
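The permission check recommended above can be automated for an APK obtained outside a store. The following is an added example, not code from SentinelLabs or from the article: it reads a manifest that has already been decoded to text XML (for instance with apktool) and reports which of the spying capabilities described above the app asks for. The capability-to-permission mapping, the threshold and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping (not taken from the article): capabilities the article
# describes -> standard Android permissions that gate them.
CAPABILITY_PERMISSIONS = {
    "microphone recording": {P + "RECORD_AUDIO"},
    "taking photos": {P + "CAMERA"},
    "reading or sending SMS": {P + "READ_SMS", P + "SEND_SMS", P + "RECEIVE_SMS"},
    "call history and phone calls": {P + "READ_CALL_LOG", P + "CALL_PHONE"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "photos, videos and files": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"},
}

def _manifest(*perms):
    """Build a constructed sample manifest (hypothetical package name)."""
    body = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.videoapp">{body}<application/></manifest>')

# Constructed inputs: a video player has no obvious need for SMS or call logs.
SAMPLE_SUSPECT = _manifest("INTERNET", "RECORD_AUDIO", "CAMERA",
                           "READ_SMS", "SEND_SMS", "READ_CALL_LOG")
SAMPLE_BENIGN = _manifest("INTERNET")

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def audit_manifest(manifest_xml):
    """Map each sensitive capability to the matching permissions requested."""
    perms = requested_permissions(manifest_xml)
    return {cap: sorted(perms & needed)
            for cap, needed in CAPABILITY_PERMISSIONS.items() if perms & needed}

def is_suspicious(manifest_xml, threshold=3):
    """Flag apps requesting several unrelated sensitive capabilities at once."""
    return len(audit_manifest(manifest_xml)) >= threshold

if __name__ == "__main__":
    for cap, hits in audit_manifest(SAMPLE_SUSPECT).items():
        print(f"{cap}: {', '.join(hits)}")
```

A flagged result is a reason to look closer, not proof of malware: legitimate apps also request some of these permissions, so the count matters more than any single hit.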