CapraRAT (Malware Family)
By Fraunhofer FKIE
Archived: 2026-04-05 18:56:44 UTC
apk.capra_rat (Back to overview)
CapraRAT
Actor(s): Operation C-Major
According to PCrisk, CapraRAT is the name of an Android remote access trojan (RAT), possibly a modified
version of another (open-source) RAT called AndroRAT. It is known that CapraRAT is used by an advanced
persistent threat group (ATP) called APT36 (also known as Earth Karkaddan). CapraRAT allows attackers to
perform certain actions on the infected Android device.
References
2023-09-18 ⋅ SentinelOne ⋅ Alex Delamotte
CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones
CapraRAT Operation C-Major
2023-03-07 ⋅ ESET Research ⋅ Lukáš Štefanko
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials
CapraRAT
2022-01-24 ⋅ Trend Micro ⋅ Trend Micro
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal
CapraRAT Crimson RAT Oblique RAT Operation C-Major
There is no Yara-Signature yet.
Source: https://malpedia.caad.fkie.fraunhofer.de/details/apk.capra_rat
https://malpedia.caad.fkie.fraunhofer.de/details/apk.capra_rat
Page 1 of 1