Avid mobile YouTube users, especially those engaged in diplomacy work in Pakistan and India, should be very careful when downloading the famed video app, as experts have uncovered at least three fake YouTube apps that are, in fact, remote access trojans (RATs) going after their data.

Cybersecurity researchers from SentinelLabs recently observed a threat actor known as Transparent Tribe (APT36), likely using social channels and fake landing pages to distribute apps that look like YouTube but are instead malware known as CapraRAT. The apps aren’t found in the official Google Play Store, Google confirmed to the media.

This remote access trojan can steal all sorts of sensitive data from the endpoint (SMS messages, call logs, GPS data, etc.), and can also record audio and video and send the recordings to its operators. It can also grab screenshots, override system settings and modify files on the device’s filesystem. All of that is enough, among other things, to run successful identity theft campaigns, phishing attacks, and social engineering attacks, not to mention outright data theft.

Active for years

Two of the apps are simply named YouTube, while the third one is called Piya Sharma – after an Indian anchor and influencer, and most likely used in romance-based fraud. All apps request extensive permissions at installation, which should be enough of a red flag for most people. If that wasn’t enough, the apps look more like a web browser than a native app and lack some of the features present in the legitimate YouTube app.

SentinelLabs says APT36 is most likely aligned with the Pakistani government and targets Indian defense and government entities, human rights activists, diplomats engaged in the Kashmir region, and similar targets.

The group has been active since at least 2018, and was observed earlier this year distributing CapraRAT apps disguised as dating services. To avoid falling for the trick, always download apps from official repositories only (for example, Google Play Store, or the Galaxy Store), and be wary of any permissions the apps request at installation.
