Pro-India APT Group Deploys Android Spyware


SunBird and Hornbill Malicious Apps Mainly Target Users in South Asia


Researchers at the San Francisco-based security firm Lookout have identified two new Android spyware tools used in cyberespionage campaigns in South Asia, which they link to "Confucius," a pro-India advanced persistent threat group.


Confucius has been active since 2013, and mainly targets victims in Pakistan and other parts of South Asia, Lookout says.

The spyware tools, SunBird and Hornbill, have been deployed as malicious Android apps. The malware is designed to exfiltrate SMS messages, content from encrypted messaging apps, geolocation data and other sensitive information from infected Android devices.

The malware, which has been active since December, has targeted personnel linked to Pakistan's military and nuclear authorities, as well as Indian election officials in Kashmir.

Malware Capabilities

SunBird and Hornbill are disguised as legitimate chat applications, such as Fruit Chat, Cucu Chat and Kako Chat, Lookout researchers say. Once the malicious apps are installed from third-party app stores, they exfiltrate call logs, contacts and contact details, the device's unique mobile identification number, geolocation data and images stored on the victim's phone, and they access WhatsApp content.

SunBird, which is a remote access Trojan, has been built with additional capabilities. These include the ability to exfiltrate information about installed apps, steal browser history and run arbitrary commands with root…