YouTube Spying: Watch Out for Corrupt Cloning Applications on Android! -CCM

Be careful what you download! Copies of the YouTube app for Android are currently spreading on the Internet and carry the CapraRAT malware with them. Its specialty? Spying on your every move…

Few people do not yet have the YouTube application on their smartphone. Fake apps imitating the famous platform are now spreading on the Internet, with everything done to deceive Internet users, and the least we can say is that the consequences for the victims are serious. Computer security researchers at SentinelLabs have discovered three malicious clones of the YouTube app for Android on the web. These use the platform’s logo and mimic its interface as closely as possible, although in reality they resemble a web browser more than the native application. They include most of the features of the official YouTube app, but not all. And of course they carry malware with them. Fortunately, for once, they cannot be found in the Play Store: they are only offered for download as APK files.

CapraRAT: Malware that spies on everything

Researchers found malware called CapraRAT in the code of the cloned apps. As the name suggests (RAT stands for Remote Access Trojan), it can take remote control of a computer system, in this case the Android operating system, using very intrusive permissions that the victim grants without suspicion; it is, after all, YouTube. Then all it has to do is steal the sensitive data on the infected device. It can listen to conversations via the microphone, take screenshots, take photos using the smartphone’s various sensors and access messages, photos, videos and the call history. All this information is transmitted to remote servers. Worse still, CapraRAT can make calls, send SMS, override system settings (GPS, network, etc.), and even modify files on the system without the victim’s knowledge. In short, the malware has access to a wealth of very sensitive information, such as passwords, confidential or compromising photos, banking details and even the contents of digital wallets.


Researchers believe that these compromised applications originate from Pakistan, specifically from the hacking group APT36, also known as Transparent Tribe. The group is known to use malicious Android applications to attack government and military units, particularly Indian ones, with unofficial support from the authorities. It particularly targets organizations dealing with issues in the Kashmir region and human rights activists in Pakistan.

For this reason, you should always download applications from an official store such as the Play Store or the App Store. Keep in mind, however, that downloading an application from an official store does not mean you are taking no risk. It is also advisable to install only the applications you really need and to delete those you no longer use. Before downloading, check the small details that could raise an alarm: reviews, developer name, permission requests… In any case, it is best to leave an antivirus program running in the background as a second check for malicious behavior.
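The permission check recommended above can be applied to an APK before it is installed. The Python script below is an added example, not code from SentinelLabs or from this article. It assumes the APK's manifest has already been decoded to text XML (for example with apktool), and the capability-to-permission mapping, the "unexpected for a video app" list and the sample package names are assumptions built from the behaviours described here, not taken from the CapraRAT samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping: behaviours listed in the article -> standard Android
# permissions that gate them (short names, android.permission.* prefix dropped).
CAPABILITY_PERMISSIONS = {
    "microphone recording": {"RECORD_AUDIO"},
    "camera capture": {"CAMERA"},
    "reading messages": {"READ_SMS", "RECEIVE_SMS"},
    "sending SMS": {"SEND_SMS"},
    "call history": {"READ_CALL_LOG"},
    "placing calls": {"CALL_PHONE"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "files and media": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
}
# Assumption: a video app has no reason to touch SMS or telephony.
UNEXPECTED_FOR_VIDEO_APP = {"reading messages", "sending SMS",
                            "call history", "placing calls"}

def declared_permissions(manifest_xml: str) -> set:
    """Return the short names of all android.permission.* entries requested."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith("android.permission."):
                names.add(name.rsplit(".", 1)[1])
    return names

def audit(manifest_xml: str) -> dict:
    """Group requested permissions by capability; flag SMS/telephony access."""
    declared = declared_permissions(manifest_xml)
    hits = {cap: sorted(perms & declared)
            for cap, perms in CAPABILITY_PERMISSIONS.items() if perms & declared}
    unexpected = sorted(UNEXPECTED_FOR_VIDEO_APP & hits.keys())
    return {"capabilities": hits, "unexpected": unexpected,
            "suspicious": bool(unexpected)}

def make_manifest(package: str, perms: list) -> str:
    """Build a constructed sample manifest (not taken from any real APK)."""
    head = '<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
    body = "".join(f'<uses-permission android:name="android.permission.{p}"/>'
                   for p in perms)
    return f'{head} package="{package}">{body}</manifest>'

CLONE = make_manifest("com.example.videoclone", [
    "INTERNET", "RECORD_AUDIO", "CAMERA", "READ_SMS", "SEND_SMS",
    "READ_CALL_LOG", "CALL_PHONE", "ACCESS_FINE_LOCATION"])
PLAYER = make_manifest("com.example.player", ["INTERNET", "WAKE_LOCK", "CAMERA"])

if __name__ == "__main__":
    for label, xml in (("clone", CLONE), ("player", PLAYER)):
        print(label, audit(xml))
```

Screenshot capture is not gated by a manifest permission, so it does not appear in this mapping; a clean result here is not proof that an app is safe.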