Security News > 2021 > February > Military, Nuclear Entities Under Target By Novel Android Malware
Researchers have uncovered two novel Android surveillanceware families being used by an advanced persistent threat group to target military, nuclear and election entities in Pakistan and Kashmir.
The two malware families, which researchers call "Hornbill" and "SunBird," have sophisticated capabilities to exfiltrate SMS messages, encrypted messaging app content and geolocation, as well as other types of sensitive information.
"While SunBird features remote access trojan functionality - a malware that can execute commands on an infected device as directed by an attacker - Hornbill is a discreet surveillance tool used to extract a selected set of data of interest to its operator."
SunBird has been disguised as applications such as security services, apps tied to specific locations or activities. Researchers said the majority of these applications appear to target Muslim individuals. Meanwhile, Hornbill applications impersonate various chat and system applications. "Considering many of these malware samples are trojanized - as in they contain complete user functionality - social engineering may also play a part in convincing targets to install the malware," said Kumar and Del Rosso.
"Not only does it target a limited set of data, the malware only uploads data when it initially runs and not at regular intervals like SunBird."
SunBird's name stemmed from the malicious services within the malware called "SunService" - and the sunbird is also native to India, they said.
News URL
https://threatpost.com/military-nuclear-entities-under-target-by-novel-android-malware/163830/