Transparent Tribe Distributes CapraRAT Through Trojanized YouTube Apps

Published by Shipra Sanganeria on September 19, 2023

Transparent Tribe, the suspected Pakistan-linked threat actor, was observed using fake YouTube apps to infect victims’ devices with its remote access trojan (RAT), ‘CapraRAT.’

The group, also known as APT36, is known for using malware-laced tools to target government and defense personnel in India, human rights activists in Pakistan, and those involved in the disputed region of Kashmir.

The trojanized applications, first discovered by SentinelLabs, act as cyber espionage tools. They can extract and modify files and data, record audio and video, capture screenshots, send and block incoming SMS messages, override system settings, and initiate phone calls.

These Android apps are distributed outside of the Google Play Store, so it can be deduced that social engineering tactics are employed to lure victims into downloading and installing them. “Earlier in 2023, the group distributed CapraRAT Android apps disguised as a dating service that conducted spyware activity,” SentinelLabs revealed.

The latest Android packages (APKs) identified included two apps called ‘YouTube’ and one called ‘Piya Sharma.’ The name of the latter app suggests “that the actor continues to use romance-based social engineering techniques to convince targets to install the applications.”

Once installed, these apps request several intrusive permissions to extract sensitive information related to the victim, which is then transferred to an actor-controlled C2 (command and control) server. Permissions such as microphone or location access are treated as non-suspicious by victims.
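The cues described so far (a ‘YouTube’ label, installation outside the Play Store, and broad sensitive permissions) can be combined into a simple review check. The sketch below is an added example, not code from SentinelLabs or from this article; it assumes an app inventory exported from a device-management tool, and the record fields, threshold, and sample package names are hypothetical.

```python
# Added example (not from the report): triage an app inventory for YouTube look-alikes.
GENUINE_YOUTUBE_PKG = "com.google.android.youtube"
PLAY_STORE_INSTALLER = "com.android.vending"
P = "android.permission."

# Permissions grouped by the capabilities the article attributes to the apps.
RISKY = {
    P + "RECORD_AUDIO": "microphone",
    P + "CAMERA": "camera",
    P + "ACCESS_FINE_LOCATION": "location",
    P + "READ_SMS": "sms",
    P + "SEND_SMS": "sms",
    P + "RECEIVE_SMS": "sms",
    P + "CALL_PHONE": "calls",
    P + "READ_EXTERNAL_STORAGE": "files",
    P + "WRITE_SETTINGS": "settings",
}

def triage(app):
    """Return the reasons this app deserves manual review (empty list if none)."""
    reasons = []
    is_youtube_label = app["label"].strip().lower() == "youtube"
    if is_youtube_label and app["package"] != GENUINE_YOUTUBE_PKG:
        reasons.append("label 'YouTube' on a non-Google package name")
    if app.get("installer") != PLAY_STORE_INSTALLER:
        reasons.append("installed outside the Play Store")
    groups = sorted({RISKY[p] for p in app["permissions"] if p in RISKY})
    if len(groups) >= 3:  # assumed threshold: three or more sensitive categories
        reasons.append("broad sensitive access: " + ", ".join(groups))
    return reasons

def flag_inventory(apps, min_reasons=2):
    """Map package name -> reasons for apps that meet the review threshold."""
    results = ((a["package"], triage(a)) for a in apps)
    return {pkg: r for pkg, r in results if len(r) >= min_reasons}

# Constructed inventory; the two com.example package names are placeholders.
SAMPLE = [
    {"label": "YouTube", "package": "com.google.android.youtube",
     "installer": "com.android.vending", "permissions": [P + "RECORD_AUDIO", P + "CAMERA"]},
    {"label": "YouTube", "package": "com.example.placeholder.yt", "installer": None,
     "permissions": [P + "RECORD_AUDIO", P + "READ_SMS",
                     P + "ACCESS_FINE_LOCATION", P + "CALL_PHONE"]},
    {"label": "Maps Helper", "package": "com.example.maps", "installer": None,
     "permissions": [P + "ACCESS_FINE_LOCATION"]},
]

if __name__ == "__main__":
    print(flag_inventory(SAMPLE))
```

A single cue is weak on its own, which is why the sideloaded sample app with only location access is not flagged; the combination is what merits a closer look.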

SentinelLabs reports that the user experience of these apps is different from the native YouTube app available on the official Android Play Store. For a user, it’s more like viewing YouTube in a mobile web browser. The reason is that the trojanized app uses a WebView object to launch the website.

In conclusion, SentinelLabs’ findings reveal that the threat actor will continue with its cyber espionage activities within these countries with new and adaptable malware tools. “The group’s decision to make a YouTube-like app is a new addition to a known trend of the group [..]. Individuals and organizations connected to diplomatic, military, or activist matters in the India and Pakistan regions should evaluate defense against this actor and threat.”
