Experts warn Pakistani hackers are using new malware to spy on Indian organizations

Pakistani hackers are intensifying their cyber-espionage efforts against Indian organizations by using more advanced malware called ElizaRAT. This malware is specifically designed to covertly collect data from Indian computers, posing significant security challenges.

A Pakistani hacker group, known as Transparent Tribe or APT36, is stepping up its efforts to spy on Indian targets with a newly developed, more sophisticated malware. This malware, named ElizaRAT, is designed to secretly collect information from computers in India. Researchers at cybersecurity company Check Point have been tracking the evolution of ElizaRAT since it was first spotted in September 2023. Since then, they have seen it become more complex and difficult to detect with each update.

What is ElizaRAT?

ElizaRAT is a type of malware, malicious software designed to take control of someone's computer without their knowledge. It often spreads through phishing attacks, where hackers trick people into clicking a link and downloading files that seem harmless. These files can be hosted on popular cloud platforms like Google Drive, which makes them appear trustworthy. Once downloaded, ElizaRAT installs itself on the victim's computer and opens a covert channel that lets the hackers control it remotely.

How does ElizaRAT work?

ElizaRAT can perform many covert activities on an infected device. It gathers information, monitors what the user is doing, and sends this information back to the hackers. The program also checks whether the device is in India by reading the time zone setting. If the system is set to India Standard Time, it continues to carry out its mission. This check suggests that ElizaRAT is specifically targeting computers in India.

The hackers behind Transparent Tribe use popular platforms like Google, Telegram, and Slack to communicate with infected computers, which camouflages their activity within regular Internet traffic and makes it harder for security teams to notice unusual behavior.

Since its launch, ElizaRAT has been updated in several stages, becoming more advanced each time:

First campaign: In the first phase, the malware used Slack's messaging platform to send and receive commands.
Second campaign: Later, a new version of ElizaRAT, called Circle, stopped using Slack and instead used a private virtual server, making it even more difficult to detect.
Third campaign: The latest version uses Google Drive for communications, enabling hackers to upload additional programs to collect information from infected computers.
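
Because the command traffic described above goes to services that workstations contact all day, one way for a security team to look for it is to ask which program made the connection rather than where it went. The following is an added example, not taken from the article or from Check Point's research; the hostnames, the list of expected programs, and the log lines are all assumptions constructed for illustration.

```python
import csv
import io

# Services the article names as command channels. Hostnames are assumptions
# chosen for this example, not indicators from the Check Point report.
WATCHED = {"slack.com": "Slack", "api.telegram.org": "Telegram",
           "googleapis.com": "Google APIs", "drive.google.com": "Google Drive"}

# Programs expected to reach these services on a managed workstation (assumed baseline).
EXPECTED = {"chrome.exe", "msedge.exe", "firefox.exe", "slack.exe",
            "telegram.exe", "googledrivefs.exe"}

# Constructed sample of endpoint network-connection events.
SAMPLE_EVENTS = """host,image,dest_host
WS-014,C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,drive.google.com
WS-014,C:\\Users\\a.kumar\\AppData\\Local\\Slack\\slack.exe,wss-primary.slack.com
WS-022,C:\\Users\\r.singh\\AppData\\Roaming\\docview\\docview.exe,slack.com
WS-022,C:\\Users\\r.singh\\AppData\\Roaming\\docview\\docview.exe,www.googleapis.com
WS-031,C:\\Windows\\System32\\svchost.exe,ctldl.windowsupdate.com
WS-031,C:\\Users\\Public\\updater.exe,api.telegram.org
"""


def service_for(dest_host):
    """Return the watched service a hostname belongs to, or None."""
    host = dest_host.lower().rstrip(".")
    for suffix, service in WATCHED.items():
        if host == suffix or host.endswith("." + suffix):
            return service
    return None


def find_unexpected_clients(log_text):
    """Return (host, process, service) for unexpected programs using watched services."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        service = service_for(row["dest_host"])
        process = row["image"].rsplit("\\", 1)[-1].lower()
        finding = (row["host"], process, service)
        if service and process not in EXPECTED and finding not in findings:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for host, process, service in find_unexpected_clients(SAMPLE_EVENTS):
        print(f"{host}: {process} contacted {service}")
```

A file name alone can be imitated, so a real deployment would also compare the full path and code-signing publisher of each program against the baseline.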

What is being done about it?

To combat the risks posed by malware such as ElizaRAT, Check Point has developed protective software that screens files before they enter a computer network. This system, called threat emulation, runs each file in a secure, virtual environment to check for suspicious behavior. If any harmful activity is detected, it blocks the malware from reaching users and instead provides them with a clean, safe version of the file.

In short, ElizaRAT is an evolving cyber weapon used by Transparent Tribe to spy on Indian targets. As these hackers improve their tactics, security experts are working to stay ahead and keep sensitive information from falling into the wrong hands.
