APT36 Hackers fakes India Post to Deploy Malware on Windows and Android

Deceptive Website Targets Windows and Android Users

In a recent cyberattack, a group of hackers linked to Pakistan, known as APT36, has been found spreading malware through a fake India Post website. This malicious campaign aims to compromise both Windows and Android users by tricking them into downloading harmful files.

The fraudulent website, named “postindia[.]site”, is designed to look like the official India Post website. People who visit the fake site from a Windows computer are prompted to download what appears to be a PDF file. However, this file contains hidden instructions that can potentially give hackers access to the user’s system.

Android users, on the other hand, are directed to download an app called “indiapost.apk”, claiming it will offer a better experience. Unfortunately, the app is a dangerous tool designed to steal sensitive data from the user’s device.

How the Malware Works

When Windows users open the fake PDF, they see a document with “ClickFix” tricks. It tells them to press Win + R and enter a PowerShell command in the Run box. PowerShell is a tool that runs scripts and automates tasks on Windows. In this case, the command secretly downloads harmful files from a remote server. This lets the hackers take control of the system or steal important data.

Cybersecurity experts from CYFIRMA studied the hidden details of the PDF. They found it was created on October 23, 2024, by an author named “PMYLS.” This name likely refers to Pakistan’s Prime Minister Youth Laptop Scheme, linking it to Pakistani state-backed hackers. The fake website domain was registered a month later, on November 20, 2024. This gave the hackers time to plan and launch the attack.

Android users are lured into installing the malicious “indiapost.apk” app, which asks for extensive permissions. Once installed, the app secretly accesses and exfiltrates sensitive information, including contact lists, current location, files from external storage.

To avoid raising suspicion, the app disguises itself by changing its icon to look like Google Accounts, making it hard for users to recognize and delete. Even if the device is restarted, the app continues running in the background, collecting data and sending it to the hackers.

Worse still, the app is programmed to ignore battery optimization settings, ensuring it stays active at all times. If users deny any permissions, the app repeatedly asks for them until they are granted, making it extremely difficult to control.

Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?

Widespread Threat Using Deceptive Tactics

The APT36 group is not new to cyberattacks. They are known for using smart tricks to target government offices, businesses, and people, mainly in India. This latest attack shows they are getting smarter. They are now aiming at both computers and mobile devices at the same time.

CYFIRMA warned that the ClickFix trick is becoming more common. Hackers use it to fool people, even those who know about technology. It tricks users into running harmful commands. This helps attackers sneak into their systems without them knowing.

Cybersecurity experts stress that these types of attacks are extremely dangerous because they use realistic-looking websites and trusted names, like India Post, to fool users. By the time users realize they’ve been duped, their personal data may already be in the hands of cybercriminals.

How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?

Renuka Bangale
Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.

TOP 10 TRENDING ON NEWSINTERPRETATION

Tempers erupt after Marine shell explodes over I-5 — Newsom accuses Trump, Vance of reckless stunt

California Governor Gavin Newsom has unleashed a fierce attack...

Trump’s pardon of Santos sparks GOP infighting — Greene and Johnson trade blows in public feud

A loud argument has erupted inside the MAGA movement,...

Kamala Harris rallies Democrats during shutdown — ‘we won’t trade healthcare for tax breaks’

As the government shutdown stretches on, Kamala Harris, former...

Prince Andrew renounces royal titles in stunning move — says scandals ‘distracted from the monarchy

Prince Andrew has announced that he will no longer...

Symantec Confirms Chinese Hackers Breached Russian IT Firm — Hidden for 5 Months

In a surprising and unusual move, a Russian IT...

Vance vs. Newsom turns into a cliffhanger — new poll shows race too close to call

New polling numbers have stirred excitement in the political...

Trump Turns Peace Talks With Zelensky Into a Showdown With Maduro — ‘Don’t Mess With the U.S.

In a moment that stunned reporters and political observers,...

White House Press Secretary Karoline Leavitt slams Democrats for “catering to Hamas terrorists and illegal aliens”

White House Press Secretary Karoline Leavitt has openly criticized...

Related Articles

Popular Categories

error: Content is protected !!