‘Transparent Tribe’ APT Group Deploys New Android Spyware for Cyber Espionage

One for my Indian friends to be aware of…:

[…] According to Kaspersky, one of the two Android applications that Transparent Tribe is using to distribute the spyware is an open source video player that, when installed, serves up an adult video as a distraction while installing additional malware in the background. The second app masquerades as “Aarogya Setu,” a COVID-19 tracking app developed by the Indian government’s National Informatics Center.

Both apps try to install another Android package file on the compromised system. The package is a modified version of AhMyth, an open source Android remote access tool (RAT) that is freely available for download on GitHub. According to Kaspersky, the modified version lacks some features available on the original, such as the ability to steal pictures from an Android phone. But it also includes new features that improve the malware’s data exfiltration capabilities.

[…]

Original article here