If you are an Indian student, you need to beware of a new malware campaign that is believed to be run by a group of Pakistani origin. The advanced persistent threat (APT) group, which is also known as Transparent Tribe, has been blamed for a new, ongoing phishing campaign that has targeted students in educational institutions in India since December 2021.
"This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report by The Hacker News. Transparent Tribe, also tracked under the monikers APT36, Operation C-Major, PROJECTM, and Mythic Leopard, is suspected to be of Pakistani origin. The group has been known to strike government departments and firms in India and Afghanistan, especially with custom malware such as CrimsonRAT, ObliqueRAT, and CapraRAT.
"The latest targeting of the educational sector may align with the strategic goals of espionage of the nation-state," Cisco Talos researchers told The Hacker News. "APTs will frequently target individuals at universities and technical research organizations in order to establish long term access to siphon off data related to ongoing research projects."
"This APT puts in a substantial effort towards social engineering their victims into infecting themselves," the researchers said.
The malware, with its modular architecture, allows the attackers to remotely control the target machine and eventually steal browser credentials, record keystrokes, capture screenshots, and even execute arbitrary commands.
Additionally, a couple of the decoy documents are said to be hosted on education-themed domains (e.g., "studentsportal[.]co") that were registered in June 2021, with the infrastructure operated by a
Read more on tech.hindustantimes.com