The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest.

"These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion targeting mobile gamers, weapons enthusiasts, and TikTok fans," SentinelOne security researcher Alex Delamotte said in a new report shared with The Hacker News.

The campaign, dubbed CapraTube, was first outlined by the cybersecurity company in September 2023, with the hacking crew employing weaponized Android apps impersonating legitimate apps like YouTube to deliver a spyware called CapraRAT, a modified version of AndroRAT with capabilities to capture a wide range of sensitive data.

Transparent Tribe, suspected to be of Pakistani origin, has leveraged CapraRAT for over two years in attacks targeting the Indian government and military personnel. The group has a history of leaning into spear-phishing and watering hole attacks to deliver a variety of Windows and Android spyware.

"The activity highlighted in this report shows the continuation of this technique with updates to the social engineering pretexts as well as efforts to maximize the spyware's compatibility with older versions of the Android operating system while expanding the attack surface to include modern versions of Android," Delamotte explained.

The list of new malicious APK files identified by SentinelOne is as follows – …
