This malicious fake YouTube app could hijack your phone and record all your secrets

News
By Sead Fadilpašić
published

It's going after diplomats, but other users could be affected

YouTube
YouTube on TV is changing (Image credit: Shutterstock)

Avid mobile YouTube users, especially those engaged in diplomacy work in Pakistan and India, should be very careful when downloading the famed video app, as experts have uncovered at least three fake YouTube apps that are, in fact, remote access trojans (RAT), going after their data.

Cybersecurity researchers from SentinelLabs recently observed a threat actor known as Transparent Tribe (APT36), likely using social channels and fake landing pages to distribute apps that look like YouTube but are instead malware known as CapraRAT. The apps aren’t found in the official Google Play Store, Google confirmed to the media.

This remote access trojan can steal all sorts of sensitive data from the endpoint (SMS messages, call logs, GPS data, etc.), but also record audio and video and send it to its operators. It can also grab screenshots, override system settings and modify files on the device’s filesystem. All of that is enough, among other things, to run successful identity theft campaigns, phishing attacks, and social engineering attacks, not to mention outright data theft.

Active for years

Two of the apps are simply named YouTube, while the third one is called Piya Sharma - after an Indian anchor and influencer, and most likely used in romance-based fraud. All apps request extensive permissions at installation, which should be enough of a red flag for most people. If that wasn’t enough, the apps look more like a web browser than a native app and miss some of the features present in the legitimate YouTube app. 

SentinelLabs says APT36 is most likely aligned with the Pakistani government and targets Indian defense and government entities, human rights activists, diplomats engaged in the Kashmir region, and similar. 

The group has been active since at least 2018, and was observed earlier this year distributing CapraRAT apps disguised as dating services. To make sure you don’t fall for the trick, make sure to always download apps from official repositories only (for example, Google Play Store, or the Galaxy Store), and be wary of any permissions the apps request at installation.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.