Transparent Tribe has two modules that are capable of stealing files from removable drives—USB Driver and USB Worm. In 2020, the APT group was seen taking advantage of a COVID-19 tracking app to target Indian government and military personnel.
This highly prolific cyberespionage group, also known as ProjectM and Mythic Leopard, has been active since at least 2013 and typically targets Indian military and government personnel. Its main malware is a custom .NET RAT known publicly as Crimson RAT, which is spread via malicious documents with an embedded macro, but the group has begun using other custom malware as well. Over the past year, both its sophistication and its focus on Afghanistan have grown.