Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 14:32:54 UTC
Home > List all groups > List all tools > List all groups using tool PoisonCarp
 Tool: PoisonCarp
Names
PoisonCarp
INSOMNIA
Category Malware
Type Backdoor, Info stealer, Exfiltration
Description
(Citizen Lab) We observed POISON CARP employing a total of eight Android browser
exploits and one Android spyware kit, as well as one iOS exploit chain and iOS spyware. None
of the exploits that we observed were zero days. POISON CARP overlaps with two recently
reported campaigns against the Uyghur community. The iOS exploit and spyware we observed
was used in watering hole attacks reported by Google Project Zero, and a website used to serve
exploits by POISON CARP was also observed in a campaign called “Evil Eye” reported by
Volexity. The Android malware used in the campaign is a fully featured spyware kit that has
not been previously documented.
Information
Malpedia Last change to this tool card: 24 April 2021
Download this tool card in JSON format
All groups using tool PoisonCarp
Changed Name Country Observed
APT groups
 Poison Carp, Evil Eye 2018-Jun 2023
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bdbce19d-0720-408e-99b9-d56d5df7c1e3
Page 1 of 2

1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bdbce19d-0720-408e-99b9-d56d5df7c1e3
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bdbce19d-0720-408e-99b9-d56d5df7c1e3
Page 2 of 2