Newsinterpretation

APT36 Hackers fakes India Post to Deploy Malware on Windows and Android

Deceptive Website Targets Windows and Android Users

In a recent cyberattack, a group of hackers linked to Pakistan, known as APT36, has been found spreading malware through a fake India Post website. This malicious campaign aims to compromise both Windows and Android users by tricking them into downloading harmful files.

The fraudulent website, named “postindia[.]site”, is designed to look like the official India Post website. People who visit the fake site from a Windows computer are prompted to download what appears to be a PDF file. However, this file contains hidden instructions that can potentially give hackers access to the user’s system.

Android users, on the other hand, are directed to download an app called “indiapost.apk”, claiming it will offer a better experience. Unfortunately, the app is a dangerous tool designed to steal sensitive data from the user’s device.

How the Malware Works

When Windows users open the fake PDF, they see a document with “ClickFix” tricks. It tells them to press Win + R and enter a PowerShell command in the Run box. PowerShell is a tool that runs scripts and automates tasks on Windows. In this case, the command secretly downloads harmful files from a remote server. This lets the hackers take control of the system or steal important data.

Cybersecurity experts from CYFIRMA studied the hidden details of the PDF. They found it was created on October 23, 2024, by an author named “PMYLS.” This name likely refers to Pakistan’s Prime Minister Youth Laptop Scheme, linking it to Pakistani state-backed hackers. The fake website domain was registered a month later, on November 20, 2024. This gave the hackers time to plan and launch the attack.

Android users are lured into installing the malicious “indiapost.apk” app, which asks for extensive permissions. Once installed, the app secretly accesses and exfiltrates sensitive information, including contact lists, current location, files from external storage.

To avoid raising suspicion, the app disguises itself by changing its icon to look like Google Accounts, making it hard for users to recognize and delete. Even if the device is restarted, the app continues running in the background, collecting data and sending it to the hackers.

Worse still, the app is programmed to ignore battery optimization settings, ensuring it stays active at all times. If users deny any permissions, the app repeatedly asks for them until they are granted, making it extremely difficult to control.

Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?

Widespread Threat Using Deceptive Tactics

The APT36 group is not new to cyberattacks. They are known for using smart tricks to target government offices, businesses, and people, mainly in India. This latest attack shows they are getting smarter. They are now aiming at both computers and mobile devices at the same time.

CYFIRMA warned that the ClickFix trick is becoming more common. Hackers use it to fool people, even those who know about technology. It tricks users into running harmful commands. This helps attackers sneak into their systems without them knowing.

Cybersecurity experts stress that these types of attacks are extremely dangerous because they use realistic-looking websites and trusted names, like India Post, to fool users. By the time users realize they’ve been duped, their personal data may already be in the hands of cybercriminals.

How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?

Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.

TOP 10 TRENDING ON NEWSINTERPRETATION

“Pay more and enjoy nothing”—Newsom torches Trump’s tariff push as costs for food, cars, and flights soar

California Governor Gavin Newsom has strongly criticized President Donald...

Eric Trump explodes on Newsmax — claims Biden tried to break up Donald and Melania’s marriage

Eric Trump has sparked fresh controversy after making a...

Republicans brace as AOC’s rising momentum threatens to upend 2026 and 2028 elections

Republicans warn their party not to underestimate Representative Alexandria...

WestJet Reveals Passenger Data Breach Raising Security Concerns

Canadian airline WestJet has confirmed that some passenger information...

Japanese beer giant Asahi confirms cyberattack halts shipping and ordering in Japan temporarily

Japanese beer giant Asahi has confirmed a cyber attack...

Leaked emails expose Epstein’s secret hand in Israel–Mongolia security pact with Barak

A new set of leaked emails shows Jeffrey Epstein...

Award stage turns battlefield as Harris brands Trump an unchecked, incompetent and unhinged President

Kamala Harris, the former vice president and 2024 Democratic...

Newsom office doubles down on fascist label for Miller citing his political actions and views

Newsom’s Office Takes a Bold Stance California Governor Gavin Newsom’s...

The privacy-first app that just blew past 350,000 new users a day

Explosive Growth Surprises Users Arattai, the messaging app developed by...

Federal firepower hits AOC’s Queens district as FBI targets Roosevelt Avenue crime empire

The FBI has moved into action in Queens, New...

Republicans brace as AOC’s rising momentum threatens to upend 2026 and 2028 elections

Republicans warn their party not to underestimate Representative Alexandria...

WestJet Reveals Passenger Data Breach Raising Security Concerns

Canadian airline WestJet has confirmed that some passenger information...

Newsom office doubles down on fascist label for Miller citing his political actions and views

Newsom’s Office Takes a Bold Stance California Governor Gavin Newsom’s...
error: Content is protected !!
Exit mobile version