
Pakistani hackers using new malware to spy on Indian organisations, experts warn 

Pakistani hackers are intensifying their cyber-espionage efforts against Indian organisations using a more advanced malware called ElizaRAT. This malware is specifically designed to secretly gather data from Indian computers, posing significant security challenges.

India Today

In Short

  • A Pakistani hacker group, known as Transparent Tribe or APT36, is trying to target Indian organisations
  • This malware, called ElizaRAT, has been designed to secretly gather information from computers in India
  • Since its launch, ElizaRAT has been updated in different phases, each time becoming more advanced

A Pakistani hacker group, known as Transparent Tribe or APT36, has been ramping up its efforts to spy on Indian targets with a newly developed, more sophisticated malware. This malware, called ElizaRAT, has been designed to secretly gather information from computers in India. Researchers from cybersecurity company Check Point have been tracking ElizaRAT’s developments since it was first noticed in September 2023. Since then, they’ve noticed it getting more complex and harder to detect with each update.

What is ElizaRAT?

ElizaRAT is a type of malware—malicious software designed to take control of someone’s computer without them knowing. It often spreads through phishing attacks, where hackers trick people into clicking on a link to download files that seem harmless. These files can be stored on popular cloud platforms like Google Drive, making them seem trustworthy. Once downloaded, ElizaRAT installs itself on the victim’s computer and opens a secret channel for the hackers to control it remotely.

How does ElizaRAT work?

ElizaRAT can carry out many sneaky activities on an infected device. It gathers information, checks what the user is doing, and then sends this information back to the hackers. The program also verifies if the device is in India by checking the time zone setting. If it finds that the system matches Indian Standard Time, it continues to carry out its mission. This detail shows that ElizaRAT is specifically targeting computers in India.

The hackers behind Transparent Tribe use popular platforms like Google, Telegram, and Slack to communicate with infected computers, giving their activities a disguise that blends into regular internet traffic. This way, it’s harder for security teams to notice the unusual behavior.

Since its launch, ElizaRAT has been updated in different phases, each time becoming more advanced:

  • First Campaign: In the first stage, the malware used Slack’s messaging platform to send and receive commands.
  • Second Campaign: Later, a new version of ElizaRAT called Circle stopped using Slack and instead used a private virtual server, making it even harder to detect.
  • Third Campaign: The latest version uses Google Drive for communication, enabling the hackers to upload additional programs for gathering information from the infected computer.
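The article's point about Slack, Telegram and Google Drive being used as command channels is that the traffic looks like ordinary cloud usage, so a defender has to look at who is talking rather than where the traffic goes. The script below is an added illustration, not code from India Today or from Check Point's research: it reads constructed connection-log lines (timestamp, host, process, destination, port), keeps only connections to the named cloud services made by processes that are not browsers or the services' own clients, and then checks whether those connections recur at a regular interval, which is typical of a malware beacon. The domain list, the list of expected processes, the sample log lines and the thresholds are all assumptions chosen for the example.

```python
"""Flag non-browser processes that talk to cloud services usable as C2 channels
and check whether their connections recur at beacon-like regular intervals.

Added illustrative example: the log lines below are constructed, and the domain
list, expected-process list and thresholds are assumptions, not indicators
from any published report."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Cloud services the article names as command channels (domains are assumptions).
CLOUD_C2_DOMAINS = {
    "slack.com": "Slack",
    "api.telegram.org": "Telegram",
    "googleapis.com": "Google Drive",
    "drive.google.com": "Google Drive",
}

# Processes for which traffic to these services is expected (assumption).
EXPECTED_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe",
                      "slack.exe", "telegram.exe"}

# Constructed sample log: "<ISO timestamp> <host> <process> <destination> <port>".
SAMPLE_LOG = """\
2024-11-05T09:00:00 host-a chrome.exe drive.google.com 443
2024-11-05T09:00:05 host-b svchost_update.exe slack.com 443
2024-11-05T09:05:05 host-b svchost_update.exe slack.com 443
2024-11-05T09:10:06 host-b svchost_update.exe slack.com 443
2024-11-05T09:15:05 host-b svchost_update.exe slack.com 443
2024-11-05T09:01:00 host-a slack.exe slack.com 443
2024-11-05T09:07:00 host-c python.exe api.telegram.org 443
"""


def match_service(dest):
    """Return the service name if dest is one of the watched domains or a subdomain."""
    for domain, service in CLOUD_C2_DOMAINS.items():
        if dest == domain or dest.endswith("." + domain):
            return service
    return None


def parse_log(text):
    """Parse the whitespace-separated log format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, dest, port = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "proc": proc.lower(), "dest": dest, "port": int(port)})
    return events


def detect_cloud_c2(text, min_hits=3, max_cv=0.1):
    """Return findings for unexpected processes contacting watched cloud services.

    A finding is marked beacon_like when there are at least min_hits connections
    and the coefficient of variation of the gaps between them is at most max_cv,
    i.e. the process calls home on a nearly fixed schedule."""
    groups = defaultdict(list)
    for ev in parse_log(text):
        service = match_service(ev["dest"])
        if service is None or ev["proc"] in EXPECTED_PROCESSES:
            continue
        groups[(ev["host"], ev["proc"], service)].append(ev["ts"])

    findings = []
    for (host, proc, service), stamps in sorted(groups.items()):
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        beacon_like = False
        if len(stamps) >= min_hits:
            avg = mean(gaps)
            cv = pstdev(gaps) / avg if avg > 0 else 0.0
            beacon_like = cv <= max_cv
        findings.append({"host": host, "process": proc, "service": service,
                         "connections": len(stamps),
                         "mean_gap_s": round(mean(gaps), 1) if gaps else None,
                         "beacon_like": beacon_like})
    return findings


if __name__ == "__main__":
    for f in detect_cloud_c2(SAMPLE_LOG):
        print(f)
```

On the constructed sample, host-a is not reported at all because both of its connections come from a browser or the Slack client; host-b is reported with four connections roughly 300 seconds apart and marked beacon-like, and host-c is reported once (an unexpected process reaching Telegram) but not marked beacon-like because a single connection gives no interval to judge. In a real deployment the expected-process list would come from an allow-list maintained per environment, and the regularity check is only a triage signal: a scheduled, legitimate sync job would trip it too, so a hit should lead to looking at the process binary and its parent, not to an automatic block.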

What is being done about it?

To combat the risks posed by malware like ElizaRAT, Check Point has developed protective software that screens files before they enter a computer network. This system, called Threat Emulation, runs each file in a safe, virtual environment to check for suspicious behavior. If any harmful actions are detected, it prevents the malware from reaching users and provides them with a clean, safe version of the file instead.

In summary, ElizaRAT is an evolving cyber weapon used by Transparent Tribe to conduct espionage on Indian targets. As these hackers improve their tactics, security experts are working to stay ahead and protect sensitive information from falling into the wrong hands.