Pakistani hackers target students in India with this malware; see how to avoid it
Pakistani hackers are said to be attacking Indian students with a malware campaign. Here is all you need to know about it.
If you are an Indian student, you need to beware of a new malware campaign that is believed to be run by a group of Pakistani origin. The advanced persistent threat (APT) group, which is also known as Transparent Tribe, has been blamed for an ongoing phishing campaign that has targeted students in educational institutions in India since December 2021.
"This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report by The Hacker News. Transparent Tribe, also tracked under the monikers APT36, Operation C-Major, PROJECTM, and Mythic Leopard, is suspected to be of Pakistani origin. The group has been known to strike government departments and firms in India and Afghanistan, especially with custom malware such as CrimsonRAT, ObliqueRAT, and CapraRAT.
Pakistani hackers going after Indian students
"The latest targeting of the educational sector may align with the strategic goals of espionage of the nation-state," Cisco Talos researchers told The Hacker News. "APTs will frequently target individuals at universities and technical research organizations in order to establish long term access to siphon off data related to ongoing research projects."
"This APT puts in a substantial effort towards social engineering their victims into infecting themselves," the researchers said.
The malware, with its modular architecture, allows the attackers to remotely control the target machine and eventually steal browser credentials, record keystrokes, capture screenshots, and even execute arbitrary commands.
Additionally, a couple of the decoy documents are said to be hosted on education-themed domains (e.g., "studentsportal[.]co") that were registered in June 2021, with the infrastructure operated by a Pakistani web hosting services provider called Zain Hosting. "The entire scope of Zain Hosting's role in the Transparent Tribe organization is still unknown," the researchers noted. "This is likely one of many third-parties Transparent Tribe employs to prepare, stage and/or deploy components of their operation."