APT36 Hackers fakes India Post to Deploy Malware on Windows and Android

Deceptive Website Targets Windows and Android Users

In a recent cyberattack, a group of hackers linked to Pakistan, known as APT36, has been found spreading malware through a fake India Post website. This malicious campaign aims to compromise both Windows and Android users by tricking them into downloading harmful files.

The fraudulent website, named “postindia[.]site”, is designed to look like the official India Post website. People who visit the fake site from a Windows computer are prompted to download what appears to be a PDF file. However, this file contains hidden instructions that can potentially give hackers access to the user’s system.

Android users, on the other hand, are directed to download an app called “indiapost.apk”, claiming it will offer a better experience. Unfortunately, the app is a dangerous tool designed to steal sensitive data from the user’s device.

How the Malware Works

When Windows users open the fake PDF, they see a document with “ClickFix” tricks. It tells them to press Win + R and enter a PowerShell command in the Run box. PowerShell is a tool that runs scripts and automates tasks on Windows. In this case, the command secretly downloads harmful files from a remote server. This lets the hackers take control of the system or steal important data.

Cybersecurity experts from CYFIRMA studied the hidden details of the PDF. They found it was created on October 23, 2024, by an author named “PMYLS.” This name likely refers to Pakistan’s Prime Minister Youth Laptop Scheme, linking it to Pakistani state-backed hackers. The fake website domain was registered a month later, on November 20, 2024. This gave the hackers time to plan and launch the attack.

Android users are lured into installing the malicious “indiapost.apk” app, which asks for extensive permissions. Once installed, the app secretly accesses and exfiltrates sensitive information, including contact lists, current location, files from external storage.

To avoid raising suspicion, the app disguises itself by changing its icon to look like Google Accounts, making it hard for users to recognize and delete. Even if the device is restarted, the app continues running in the background, collecting data and sending it to the hackers.

Worse still, the app is programmed to ignore battery optimization settings, ensuring it stays active at all times. If users deny any permissions, the app repeatedly asks for them until they are granted, making it extremely difficult to control.

Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?

Widespread Threat Using Deceptive Tactics

The APT36 group is not new to cyberattacks. They are known for using smart tricks to target government offices, businesses, and people, mainly in India. This latest attack shows they are getting smarter. They are now aiming at both computers and mobile devices at the same time.

CYFIRMA warned that the ClickFix trick is becoming more common. Hackers use it to fool people, even those who know about technology. It tricks users into running harmful commands. This helps attackers sneak into their systems without them knowing.

Cybersecurity experts stress that these types of attacks are extremely dangerous because they use realistic-looking websites and trusted names, like India Post, to fool users. By the time users realize they’ve been duped, their personal data may already be in the hands of cybercriminals.

How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?

Renuka Bangale
Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.

TOP 10 TRENDING ON NEWSINTERPRETATION

Leaked emails expose Epstein’s secret hand in Israel–Mongolia security pact with Barak

A new set of leaked emails shows Jeffrey Epstein...

Award stage turns battlefield as Harris brands Trump an unchecked, incompetent and unhinged President

Kamala Harris, the former vice president and 2024 Democratic...

Newsom office doubles down on fascist label for Miller citing his political actions and views

Newsom’s Office Takes a Bold Stance California Governor Gavin Newsom’s...

The privacy-first app that just blew past 350,000 new users a day

Explosive Growth Surprises Users Arattai, the messaging app developed by...

Federal firepower hits AOC’s Queens district as FBI targets Roosevelt Avenue crime empire

The FBI has moved into action in Queens, New...

Book bombshell: Harris says Newsom never called back after dismissive ‘Hiking’ message

Former Vice President Kamala Harris is making headlines again,...

South Korea reels from wave of cyberattacks — nearly 1 million personal records stolen in 2025

Cyberattacks on South Korea’s state agencies have reached alarming...

Kristi Noem Accused of Rushing Millions to Florida Pier Near Rumored Lover’s Home

Homeland Security Secretary Kristi Noem faces serious questions. A...

Ian Calderon moves to address cost of living crisis in bid to succeed Gavin Newsom as governor

A Millennial Candidate Steps Forward Former California State Assembly Majority...

Harrods Issues Urgent Warning After Customer Data Stolen in IT Breach

Personal details exposed in breach at third-party system Luxury department...

Newsom office doubles down on fascist label for Miller citing his political actions and views

Newsom’s Office Takes a Bold Stance California Governor Gavin Newsom’s...

The privacy-first app that just blew past 350,000 new users a day

Explosive Growth Surprises Users Arattai, the messaging app developed by...

Book bombshell: Harris says Newsom never called back after dismissive ‘Hiking’ message

Former Vice President Kamala Harris is making headlines again,...

South Korea reels from wave of cyberattacks — nearly 1 million personal records stolen in 2025

Cyberattacks on South Korea’s state agencies have reached alarming...

Kristi Noem Accused of Rushing Millions to Florida Pier Near Rumored Lover’s Home

Homeland Security Secretary Kristi Noem faces serious questions. A...

Related Articles

Popular Categories

error: Content is protected !!