Home Wired Pakistan APT Group Targets Indian Government with Fake 2FA App

Pakistan APT Group Targets Indian Government with Fake 2FA App

0
Pakistan APT Group Targets Indian Government with Fake 2FA App

A Pakistani hacking group known as Transparent Tribe (APT36) has launched a cyberattack campaign targeting Indian government agencies. The attack leverages a fake two-factor authentication (2FA) app to deploy a malicious backdoor called “Poseidon” on Linux systems.

Fake Kavach App Delivers Backdoor:

Transparent Tribe used a spoofed version of “Kavach,” a legitimate 2FA app mandated by Indian government agencies. Unsuspecting users downloading the fake app unwittingly granted attackers access to a range of functionalities, including keylogging, file access, screen recording, and remote system control.

Second-Stage Payload:

Security researcher Tejaswini Sandapolla of Uptycs explains that Poseidon is a second-stage payload malware delivered through the fake Kavach app. This malware empowers attackers to steal sensitive data, disrupt operations, and potentially cause significant financial losses.

While Transparent Tribe has a history of targeting Indian government entities on Windows and Android, this latest campaign demonstrates their attempt to expand their reach to Linux systems. This highlights the evolving tactics of cybercriminals and the need for heightened vigilance across all platforms.

Social Engineering Tactics:

The attack relies on social engineering, luring users into downloading the fake app from malicious websites disguised as legitimate Indian government portals. Experts urge caution against clicking on suspicious links in emails, especially those targeting government personnel.

Uptycs warns that the repercussions of this APT36 attack could be severe. Data breaches, financial losses, compromised systems, and reputational damage are all potential outcomes if targeted individuals fall victim to the scam.

LEAVE A REPLY

Please enter your comment!
Please enter your name here