Facebook shuts down Pakistani hacker group APT36: How it works, apps used and more


Facebook's parent company Meta says it has disrupted a Pakistan-based cyber-espionage operation that targeted people in India, including military personnel and government officials. The group behind it is known in the security industry as APT36. According to Meta's quarterly Adversarial Threat Report, its methods include honey traps (romantic lures) and infecting victims' devices with malware. "Our investigation linked this activity to state-affiliated organizations in Pakistan," Meta said in the report.
How APT36 hackers work
According to the report, the group targeted a range of services on the Internet, from email providers to file-hosting services to social media. "APT36 used various malicious tactics to target people online with social engineering to infect their devices with malware. They used a combination of malicious links and fake apps to spread targeted malware to Android and Windows devices," the Meta report said.
The group used fictitious personas, posing as recruiters for both legitimate and fake companies, as military personnel, or as attractive young women seeking a romantic relationship, in an attempt to build trust with the people they targeted. It deployed a variety of tactics, including custom infrastructure, to distribute its malware, and it also used popular file-sharing services such as WeTransfer to host malware for short periods of time.

APT36 used fake versions of WhatsApp, YouTube, Google Drive and more
Meta noticed that in this recent activity APT36 also trojanised unofficial versions of WhatsApp, WeChat and YouTube with another commodity malware family, known as Mobzsar or CapraSpy. The Pakistan-based group also used link-shortening services to disguise malicious URLs.
It used social-card and link-preview sites (online tools used in marketing to customise which image is displayed when a particular URL is shared on social media) to hide both the redirection to, and the ownership of, domains controlled by APT36. "Some of these domains masquerade as photo-sharing sites or generic app stores, while others masquerade as real companies' domains like the Google Play Store, Microsoft OneDrive and Google Drive," the report added.

In several cases, the group used a modified version of the commodity Android malware 'XploitSPY', which is publicly available on GitHub. While 'XploitSPY' appears to have been developed originally by a group of self-described ethical hackers in India, APT36 modified it to create a new variant called 'LazaSpy'. "Both malware families are capable of accessing call logs, contacts, files, text messages, geo-location, device information, photos, and microphone activation," the report said.
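A detection-side illustration of the capability set the report describes, added here as an example and not taken from Meta's report or from any APT36 sample: a Python script that parses an Android manifest, maps the requested permissions onto the capabilities listed above (call logs, contacts, files, text messages, geo-location, microphone, photos), and flags an app whose label claims to be WhatsApp, WeChat or YouTube while its package name is not the official one. The permission-to-capability mapping, the suspicion threshold and the two sample manifests are this example's own assumptions.

```python
"""Triage an Android manifest for the spyware capability set named in the report.

Added example, not Meta's code and not from any APT36 sample.  The
permission-to-capability mapping, the threshold and the sample manifests
below are assumptions made for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
LABEL = f"{{{ANDROID_NS}}}label"

# Assumed mapping: which permissions grant each capability the report lists.
CAPABILITY_PERMISSIONS = {
    "call logs": {"android.permission.READ_CALL_LOG"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "files": {"android.permission.READ_EXTERNAL_STORAGE",
              "android.permission.MANAGE_EXTERNAL_STORAGE"},
    "text messages": {"android.permission.READ_SMS",
                      "android.permission.RECEIVE_SMS"},
    "geo-location": {"android.permission.ACCESS_FINE_LOCATION",
                     "android.permission.ACCESS_COARSE_LOCATION"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "photos": {"android.permission.CAMERA",
               "android.permission.READ_MEDIA_IMAGES"},
}

# Official package names of the apps the report says were trojanised.
OFFICIAL_PACKAGES = {
    "whatsapp": "com.whatsapp",
    "youtube": "com.google.android.youtube",
    "wechat": "com.tencent.mm",
}


def parse_manifest(xml_text):
    """Return (package name, application label, set of requested permissions)."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    perms = {el.get(NAME) for el in root.iter("uses-permission") if el.get(NAME)}
    app = root.find("application")
    label = app.get(LABEL, "") if app is not None else ""
    return package, label, perms


def capabilities(perms):
    """Capabilities from the report that the requested permissions would grant."""
    return sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items() if perms & needed)


def impersonated_app(package, label):
    """Brand the label claims when the package is not that brand's official one."""
    for brand, official in OFFICIAL_PACKAGES.items():
        if brand in label.lower() and package != official:
            return brand
    return None


def triage(xml_text, threshold=4):
    """Flag an app that impersonates a known brand or requests >= threshold capabilities."""
    package, label, perms = parse_manifest(xml_text)
    caps = capabilities(perms)
    brand = impersonated_app(package, label)
    return {
        "package": package,
        "label": label,
        "capabilities": caps,
        "impersonates": brand,
        "suspicious": len(caps) >= threshold or brand is not None,
    }


# Constructed sample: a fake "WhatsApp" requesting the full capability set.
SAMPLE_TROJANISED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.wa.update">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <application android:label="WhatsApp"/>
</manifest>"""

# Constructed sample: the official package name with a minimal permission set.
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.whatsapp">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="WhatsApp"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SAMPLE_TROJANISED, SAMPLE_BENIGN):
        print(triage(sample))
```

Run it against a manifest extracted from an APK (for example with apktool) and treat a hit as a lead for sandboxing, not proof: a legitimate messaging app also requests several of these permissions, which is why the label-versus-package check is the stronger signal.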