APT36 Malware Campaign Using Desktop Entry Files and Google Drive…

216.73.216.6

APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery

· Published 21/08/2025 21:05 · Modified 21/08/2025 21:35

Essential information

Published: 21/08/2025 21:05
Modified: 21/08/2025 21:35
Tags: 2025-08-21 apt36 ctfuft google drive icon data linux desktop persistence stealth stealth server syscall unix timestamp websocket
Related entities: 6 observables, 3 others

Description

Pakistan-linked APT36 (Transparent Tribe) launched a new cyber-espionage campaign targeting Indian government and defense entities. Active in August 2025, the group used phishing ZIP files containing malicious Linux “.desktop” shortcuts that downloaded payloads from Google Drive.

External references

https://www.cloudsek.com/blog/investigation-report-apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery
https://otx.alienvault.com/pulse/68a78a27909fa2f7e2fab5a6

APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery

Essential information

Description

Related entities

Observables (6)

Others (3)

External references