Novel Confucius Android spyware hits military, nuclear entities in Pakistan


Another day, another Android spyware. This time, according to researchers, two spyware strains are targeting sensitive infrastructure in Pakistan on behalf of India.


Lookout Discovered State-Sponsored Hacking Campaigns


Cybersecurity firm Lookout’s threat intelligence team discovered two novel malware strains, which they dubbed SunBird and Hornbill. Both strains are forms of Android spyware and are linked to a pro-India advanced persistent threat (APT) group called Confucius.


Hornbill is based on MobileSpy, a commercial stalkerware app used for remotely monitoring Android devices. However, the app was deactivated in 2018. SunBird’s codebase, on the other hand, is similar to BuzzOut, another spyware developed in India.


Confucius Targeting Southeast Asian Countries


The group, which is believed to be state-sponsored, was first discovered in 2013 and has mainly targeted Southeast Asian countries so far, including Pakistan. It is now targeting Pakistani military personnel and nuclear agencies along with Indian election officials in Kashmir.



“While the exact number of victims is not known across all campaigns for SunBird and Hornbill, at least 156 victims were identified in a single campaign for Sunbird in 2019 and included phone numbers from India, Pakistan, and Kazakhstan. According to the publicly exposed exfiltrated data we were able to find, individuals in at least 14 different countries were targeted,” Lookout researchers noted.


Malware Records WhatsApp Conversations


Lookout Staff Security Intelligence Engineer, Apurva Kumar, wrote in a blog post that the malware compromises WhatsApp conversations. Both Hornbill and SunBird abuse Android accessibility services to exfiltra ..
