Researchers at cybersecurity firm SentinelLabs have discovered the spread of fake versions of the YouTube app, posing a threat to users' security and data integrity.
The researchers monitored at least three different versions of YouTube-like apps on Android devices. These fake apps differ from the original app and have RAT (remote access trojan) malware added to them.
The fake YouTube app contains malware called CapraRAT that can steal various sensitive data from users' devices such as text messages, call logs, GPS data, etc.
In addition, it can access the microphone and camera, record and send audio and video clips to third parties, take screenshots, override system settings, and modify files in the device's file system.
These applications are used to launch successful campaigns aimed at directly stealing personal data and organizing phishing and social engineering attacks.
According to a report by SentinelLabs, all of these apps ask for advanced permissions upon installation, which should be warning enough for most people. When run, these apps feel more like a web browser than a native app, and they lack some of the features of the native YouTube app.
According to reports, a hacking group called APT36 is behind these fake YouTube apps. The report notes that the group is linked to the Pakistani government and has primarily targeted Indian government agencies as well as political activists.
Android users are advised to be careful when downloading apps, whether from official or third-party stores, and when granting permissions to installed apps.
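As an added example (not from SentinelLabs or the original article), the permission check described above can be automated against the text printed by `aapt dump permissions <apk>`. The mapping from the listed capabilities to Android permission names, the threshold of three, and both sample outputs are assumptions constructed for illustration.

```python
import re

# Assumed mapping: capabilities named in the article -> Android permissions
# that gate them. The article itself does not list permission names.
CAPABILITY_PERMISSIONS = {
    "text messages": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "call logs": {"READ_CALL_LOG"},
    "GPS data": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "microphone": {"RECORD_AUDIO"},
    "camera": {"CAMERA"},
    "system settings": {"WRITE_SETTINGS"},
    "file system": {"WRITE_EXTERNAL_STORAGE", "MANAGE_EXTERNAL_STORAGE"},
}
# Accepts both aapt styles: name='android.permission.X' and android.permission.X
PERM_RE = re.compile(
    r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?android\.permission\.([A-Z_]+)",
    re.M)

def requested_permissions(aapt_output):
    """Return the set of android.permission.* names the APK requests."""
    return set(PERM_RE.findall(aapt_output))

def sensitive_capabilities(aapt_output):
    """Map each sensitive capability to the requested permissions behind it."""
    requested = requested_permissions(aapt_output)
    return {cap: sorted(perms & requested)
            for cap, perms in CAPABILITY_PERMISSIONS.items() if perms & requested}

def is_suspicious(aapt_output, threshold=3):
    """Flag a video-player APK spanning `threshold`+ sensitive capabilities."""
    return len(sensitive_capabilities(aapt_output)) >= threshold

# Constructed sample outputs (not taken from any real APK).
SAMPLE_SUSPECT = """\
package: com.example.videoplayer
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: android.permission.CAMERA
"""
SAMPLE_BENIGN = """\
package: com.example.player
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.WAKE_LOCK'
"""

if __name__ == "__main__":
    for name, out in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, is_suspicious(out), sensitive_capabilities(out))
```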