
The Transparent Tribe Vibe: APT36 Returns With CapraRAT Impersonating Viber

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

APT36, also known as Transparent Tribe, has been observed using the VPS provider Contabo to host malicious infrastructure for CapraRAT and Crimson RAT. Their latest tactic involves disguising spyware as the popular messaging app Viber, with the fake app obtaining extensive permissions to record calls, read messages, and track location. The investigation traced the infrastructure, identified key Indicators of Compromise, and uncovered the full extent of this Android surveillance campaign. The threat actor uses social engineering to distribute its Android Remote Access Trojans, with lures crafted to align with the RAT's disguise. The malware's capabilities include targeted surveillance, credential theft, and infrastructure abuse, potentially eroding brand trust in legitimate communication platforms.

OPENCTI LABELS:

spyware, android, impersonation, transparent tribe, crimson rat, caprarat, contabo, vps, androrat, viber

