APT36 Hackers fakes India Post to Deploy Malware on Windows and Android

Deceptive Website Targets Windows and Android Users

In a recent cyberattack, a group of hackers linked to Pakistan, known as APT36, has been found spreading malware through a fake India Post website. This malicious campaign aims to compromise both Windows and Android users by tricking them into downloading harmful files.

The fraudulent website, named “postindia[.]site”, is designed to look like the official India Post website. People who visit the fake site from a Windows computer are prompted to download what appears to be a PDF file. However, this file contains hidden instructions that can potentially give hackers access to the user’s system.

Android users, on the other hand, are directed to download an app called “indiapost.apk”, claiming it will offer a better experience. Unfortunately, the app is a dangerous tool designed to steal sensitive data from the user’s device.

How the Malware Works

When Windows users open the fake PDF, they see a document with “ClickFix” tricks. It tells them to press Win + R and enter a PowerShell command in the Run box. PowerShell is a tool that runs scripts and automates tasks on Windows. In this case, the command secretly downloads harmful files from a remote server. This lets the hackers take control of the system or steal important data.

Cybersecurity experts from CYFIRMA studied the hidden details of the PDF. They found it was created on October 23, 2024, by an author named “PMYLS.” This name likely refers to Pakistan’s Prime Minister Youth Laptop Scheme, linking it to Pakistani state-backed hackers. The fake website domain was registered a month later, on November 20, 2024. This gave the hackers time to plan and launch the attack.

Android users are lured into installing the malicious “indiapost.apk” app, which asks for extensive permissions. Once installed, the app secretly accesses and exfiltrates sensitive information, including contact lists, current location, files from external storage.

To avoid raising suspicion, the app disguises itself by changing its icon to look like Google Accounts, making it hard for users to recognize and delete. Even if the device is restarted, the app continues running in the background, collecting data and sending it to the hackers.

Worse still, the app is programmed to ignore battery optimization settings, ensuring it stays active at all times. If users deny any permissions, the app repeatedly asks for them until they are granted, making it extremely difficult to control.

Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?

Widespread Threat Using Deceptive Tactics

The APT36 group is not new to cyberattacks. They are known for using smart tricks to target government offices, businesses, and people, mainly in India. This latest attack shows they are getting smarter. They are now aiming at both computers and mobile devices at the same time.

CYFIRMA warned that the ClickFix trick is becoming more common. Hackers use it to fool people, even those who know about technology. It tricks users into running harmful commands. This helps attackers sneak into their systems without them knowing.

Cybersecurity experts stress that these types of attacks are extremely dangerous because they use realistic-looking websites and trusted names, like India Post, to fool users. By the time users realize they’ve been duped, their personal data may already be in the hands of cybercriminals.

How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?

Renuka Bangale
Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.

TOP 10 TRENDING ON NEWSINTERPRETATION

Slopsquatting Exploits Fake AI Suggestions to Spread Malware

What Is Slopsquatting? A new kind of cyber trick is...

XorDDoS Malware Now Strikes Docker and IoT Devices with Greater Force

Cybersecurity researchers have found new details about the dangerous...

MysterySnail Malware Strikes Again in Russia and Mongolia

A Sneaky New Cyber Weapon in Play A group of...

Agent Tesla Strikes Again with Hidden Scripts and Smart Tricks

A Sneaky New Malware Campaign Uncovered A newly discovered malware...

Dangerous Malware Ads on Facebook and TikTok Target Android Users

Scam Ads Lure Victims Through Social Media In Singapore, Android...

Schedule 1 Players at Risk from Malicious Mods

 What’s Happening With Schedule 1 Mods? Schedule 1 is a...

Wallet Theft Alert as Fake Python Tools Target Crypto Coders

A Dangerous Trick on Crypto Developers A recent cyberattack has...

Russia-Linked Hackers Use Fake Wine Event to Target European Diplomats

A Sneaky Cyber Trick Disguised as a Friendly Invitation A...

The Node.js Trap: When Safe Software Becomes a Cyber Threat

A Trusted Developer Tool Now in the Hands of...

Fake PDF Websites Are the New Trick in Online Scams

A Fake Tool That Looks Real A new threat is...

Slopsquatting Exploits Fake AI Suggestions to Spread Malware

What Is Slopsquatting? A new kind of cyber trick is...

XorDDoS Malware Now Strikes Docker and IoT Devices with Greater Force

Cybersecurity researchers have found new details about the dangerous...

MysterySnail Malware Strikes Again in Russia and Mongolia

A Sneaky New Cyber Weapon in Play A group of...

Agent Tesla Strikes Again with Hidden Scripts and Smart Tricks

A Sneaky New Malware Campaign Uncovered A newly discovered malware...

Dangerous Malware Ads on Facebook and TikTok Target Android Users

Scam Ads Lure Victims Through Social Media In Singapore, Android...

Schedule 1 Players at Risk from Malicious Mods

 What’s Happening With Schedule 1 Mods? Schedule 1 is a...

Wallet Theft Alert as Fake Python Tools Target Crypto Coders

A Dangerous Trick on Crypto Developers A recent cyberattack has...

Russia-Linked Hackers Use Fake Wine Event to Target European Diplomats

A Sneaky Cyber Trick Disguised as a Friendly Invitation A...

Related Articles

Popular Categories

error: Content is protected !!