This malicious fake YouTube app could hijack your phone and record all your secrets


Avid mobile YouTube users, especially those engaged in diplomacy work in Pakistan and India, should be very careful when downloading the famed video app, as experts have uncovered at least three fake YouTube apps that are, in fact, remote access trojans (RATs) going after their data.

Cybersecurity researchers from SentinelLabs recently observed a threat actor known as Transparent Tribe (APT36), likely using social channels and fake landing pages to distribute apps that look like YouTube but are instead malware known as CapraRAT. The apps aren’t found in the official Google Play Store, Google confirmed to the media.

This remote access trojan can steal all sorts of sensitive data from the endpoint (SMS messages, call logs, GPS data, etc.), but also record audio and video and send it to its operators. It can also grab screenshots, override system settings and modify files on the device’s filesystem. All of that is enough, among other things, to run successful identity theft campaigns, phishing attacks, and social engineering attacks, not to mention outright data theft.

Active for years

Two of the apps are simply named YouTube, while the third one is called Piya Sharma, after an Indian anchor and influencer, and is most likely used in romance-based fraud. All apps request extensive permissions at installation, which should be enough of a red flag for most people. If that wasn’t enough, the apps look more like a web browser than a native app and miss some of the features present in the legitimate YouTube app.

SentinelLabs says APT36 is most likely aligned with the Pakistani government and targets Indian defense and government entities, human rights activists, diplomats engaged in the Kashmir region, and similar targets.

The group has been active since at least 2018, and was observed earlier this year distributing CapraRAT apps disguised as dating services. To avoid falling for the trick, always download apps from official repositories only (for example, Google Play Store, or the Galaxy Store), and be wary of any permissions the apps request at installation.
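For anyone who has to vet a sideloaded APK, the two red flags described above (a borrowed app name and an extensive permission request) can be checked from the text output of `aapt dump badging`. This is an added example, not code from SentinelLabs or the article; the permission mapping, the threshold and the sample input are assumptions made for illustration.

```python
import re

# Assumption: Android permissions that map to the data categories the article
# lists (SMS, call logs, GPS, audio, video). The mapping is this example's own.
SENSITIVE = {
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.ACCESS_FINE_LOCATION": "GPS data",
    "android.permission.RECORD_AUDIO": "audio recording",
    "android.permission.CAMERA": "video recording",
}
# Package name of the genuine app, keyed by the label it displays.
GENUINE = {"youtube": "com.google.android.youtube"}

def triage(badging, threshold=3):
    """Flag a borrowed app name and a broad set of sensitive permissions."""
    def first(pattern):
        m = re.search(pattern, badging, re.M)
        return m.group(1) if m else ""
    package = first(r"^package: name='([^']+)'")
    label = first(r"^application-label:'([^']*)'")
    perms = set(re.findall(r"^uses-permission: name='([^']+)'", badging, re.M))
    findings = []
    expected = GENUINE.get(label.strip().lower())
    if expected and package != expected:
        findings.append(f"label '{label}' but package is {package}, not {expected}")
    sensitive = sorted(SENSITIVE[p] for p in perms if p in SENSITIVE)
    if len(sensitive) >= threshold:  # threshold is a hypothetical cut-off
        findings.append("requests access to: " + ", ".join(sensitive))
    return {"package": package, "label": label,
            "sensitive": sensitive, "findings": findings}

# Constructed sample input, not taken from any real app.
SAMPLE = """package: name='com.example.videoplayer' versionCode='1' versionName='1.0'
application-label:'YouTube'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.CAMERA'
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE)["findings"]:
        print("FLAG:", finding)
```

A flagged result is a reason to look closer, not a verdict: legitimate apps also request some of these permissions, which is why the check counts how many are combined.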

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
