
Hackers From Pakistan Use Linux Malware Poseidon To Target Indian Government Agencies

The Pakistan-based advanced persistent threat (APT) actor better known as Transparent Tribe used a two-factor authentication (2FA) tool relied on by Indian government agencies as a ruse to deliver a new Linux backdoor called “Poseidon”.

Poseidon gives its operators a range of capabilities, including keylogging, file access, screen recording, and remote administrative control.

It is a second-stage payload delivered through a fake version of the Kavach two-factor authentication app, which Indian government agencies use to provide secure access to their email services.

Tejaswini Sandapolla of Uptycs stated in a technical report that “Poseidon is a second-stage payload malware associated with Transparent Tribe”.

Sandapolla also described it as “a general-purpose backdoor that enables attackers with a wide range of capabilities to hijack an infected host. Its functionalities include logging keystrokes, taking screen captures, uploading and downloading files, and remotely administering the system in various ways”.

Transparent Tribe is also tracked as APT36, Operation C-Major, Mythic Leopard, and PROJECTM.

It possesses a track record of targeting Indian government organizations, military personnel, defense contractors, and educational entities.

It has repeatedly used trojanized versions of Kavach, the 2FA software mandated by the Indian government, to spread a variety of malware, such as Crimson RAT and LimePad, in order to gather sensitive data.

Last year, another phishing campaign used weaponized attachments to download malware designed to exfiltrate database files created by the Kavach app.

The most recent attacks target Linux users employed by Indian government organizations with a backdoored version of Kavach, showing an effort by the threat actor to broaden its attacks beyond the Windows and Android ecosystems.

According to Sandapolla, “When a user interacts with the malicious version of Kavach, the genuine login page is displayed to distract them”.

Meanwhile, “the payload is downloaded in the background, compromising the user’s system”.

The initial infection vector is an ELF malware sample, a compiled Python executable engineered to retrieve the second-stage Poseidon payload from a remote server.

The cybersecurity company observed that rogue websites posing as official Indian government websites are the main means by which the fake Kavach apps are distributed.

These websites include ksboard[.]in and www.rodra[.]in.

Since social engineering has become Transparent Tribe's primary attack vector, users working for the Indian government need to be proactive and check URLs received in emails before opening them.
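One way to automate the URL check just described, as an added example that is not part of this article or of Uptycs' research: a small Python script that pulls every link out of an email body, restores defanged notation, and flags hosts that are not on an allowlist of official domain suffixes, marking off-list hosts that borrow a brand word as likely impersonation. The allowlist suffixes, the brand keywords and the sample message are assumptions constructed for the example; the two rogue hosts in it are the ones the article names.

```python
import re
from urllib.parse import urlparse

# Allowlisted suffixes for official Indian government hosts. This list is an assumption
# made for the example; a real deployment would use the organisation's own list.
OFFICIAL_SUFFIXES = (".gov.in", ".nic.in")

# Words a lookalike host is likely to borrow from the brand it impersonates (assumption).
BRAND_KEYWORDS = ("kavach", "gov")

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


def refang(text):
    """Restore defanged indicators (ksboard[.]in, hxxp://) to their real form so the URL regex matches."""
    return (text.replace("[.]", ".")
                .replace("hxxps://", "https://")
                .replace("hxxp://", "http://"))


def extract_hosts(email_body):
    """Hostnames of every http(s) URL in the text, lower-cased, in order of appearance."""
    hosts = []
    for url in URL_RE.findall(refang(email_body)):
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def is_official(host):
    """True when the host is exactly an allowlisted suffix or a subdomain of one."""
    return any(host == suffix.lstrip(".") or host.endswith(suffix)
               for suffix in OFFICIAL_SUFFIXES)


def classify(host):
    """'official' for allowlisted hosts, 'impersonation' for off-list hosts using a brand word, else 'unknown'."""
    if is_official(host):
        return "official"
    if any(keyword in host for keyword in BRAND_KEYWORDS):
        return "impersonation"
    return "unknown"


def flag_suspicious(email_body):
    """(host, verdict) for each distinct non-official host in the message, in order of appearance."""
    flagged = []
    seen = set()
    for host in extract_hosts(email_body):
        verdict = classify(host)
        if verdict != "official" and host not in seen:
            seen.add(host)
            flagged.append((host, verdict))
    return flagged


# Constructed sample message (not a real email). The first two hosts are the rogue sites
# named in the article; the third is a made-up lookalike; the last is on an allowlisted suffix.
SAMPLE_EMAIL = """Dear user,
Your Kavach client must be updated today. Download the Linux build here:
hxxps://www.rodra[.]in/kavach/update
Backup mirror: http://ksboard[.]in/kavach-linux.tar.gz
Alternate portal: hxxp://kavach-update[.]in/setup
Help desk: https://mail.gov.in/help
"""

if __name__ == "__main__":
    for host, verdict in flag_suspicious(SAMPLE_EMAIL):
        print(f"{verdict:14s} {host}")
```

The allowlist is matched on a label boundary (the suffix includes its leading dot), so a host such as `fakegov.in` does not pass as `gov.in`; the brand-keyword test is only a heuristic for ranking, and anything it leaves as `unknown` still deserves a look before the link is opened.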

Sandapolla said, “Repercussions of this APT36 attack could be significant, leading to loss of sensitive information, financial losses, compromised systems, and reputational damage”.

Published by Senoria Khursheed