Lookout Unmasks State-sponsored Android Spyware Tied to India-Pakistan Conflict
SAN FRANCISCO, Feb. 11, 2021 /PRNewswire/ -- Lookout, Inc., the leader in mobile security, today announced the discovery of two novel pieces of Android surveillanceware, Hornbill and SunBird. The Lookout Threat Intelligence team believes these campaigns are connected to the Confucius APT, a well-known pro-India state-sponsored advanced persistent threat group. Hornbill and SunBird have sophisticated capabilities to exfiltrate SMS message content, encrypted messaging app content, geolocation, contact information, call logs, as well as file and directory listings. The surveillanceware targets personnel linked to Pakistan's military and nuclear authorities and Indian election officials in Kashmir.
The Confucius group was previously reported to have first leveraged mobile malware in 2017 with ChatSpy. However, based on this new discovery, Lookout researchers found that Confucius may have been spying on mobile users for up to a year prior to ChatSpy with SunBird. SunBird campaigns were first detected by Lookout researchers in 2017 but no longer seem to be active. The APT's latest malware, Hornbill, is still actively in use and Lookout researchers have observed new samples as recently as December 2020.
"One characteristic of Hornbill and SunBird that stands out is their intense focus on exfiltrating a target's communications via WhatsApp," said Apurva Kumar, Staff Security Intelligence Engineer at Lookout. "In both cases, the surveillanceware abused the Android accessibility services in a variety of ways to exfiltrate communications without the need for root access. SunBird can also record calls made through WhatsApp's VoIP service, exfiltrate data on applications such as BlackBerry Messenger and imo, as well as execute attacker-specified commands on an infected device."
Both Hornbill and SunBird appear to be evolved versions of commercial Android surveillance tooling. Hornbill was likely derived from the same code base as an earlier commercial surveillance product known as MobileSpy. Meanwhile, SunBird can be linked back to the Indian developers responsible for BuzzOut, an older commercial spyware tool. The Lookout researchers' theory that SunBird's roots also lay in stalkerware is supported by content found in the exfiltrated data that they uncovered on the malware's infrastructure in 2018. The data uncovered includes information about the stalkerware victims and campaigns targeting Pakistani nationals in their home country as well as those traveling abroad in the United Arab Emirates (UAE) and India.
Mobile devices are a treasure trove of private data, making them the prime target for cybercriminals to socially engineer successful attacks. Lookout secures consumers and enterprise users from these threats. Lookout Threat Advisory Services customers have already been notified and provided with in-depth intelligence on Hornbill and SunBird.
About Lookout

Lookout is the leader in mobile security, protecting the device at the intersection of the personal you and the professional you. Our mission is to secure and empower our digital future in a privacy-focused world where mobile devices are essential to all we do for work and play. We enable consumers and employees to protect their data, and to securely stay connected without violating their privacy and trust. Lookout is trusted by millions of consumers, enterprises, government agencies, and partners such as AT&T, Verizon, Vodafone, Microsoft, Google, and Apple. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C. To learn more, visit www.lookout.com and follow Lookout on its blog, LinkedIn, and Twitter.
Contact Lookout PR: email@example.com
View original content to download multimedia: http://www.prnewswire.com/news-releases/lookout-unmasks-state-sponsored-android-spyware-tied-to-india-pakistan-conflict-301226624.html