Military, Nuclear Entities Under Target By Novel Android Malware
Security News, February 2021

Researchers have uncovered two novel Android surveillanceware families being used by an advanced persistent threat group to target military, nuclear and election entities in Pakistan and Kashmir.
The two malware families, which researchers call "Hornbill" and "SunBird," have sophisticated capabilities to exfiltrate SMS messages, encrypted messaging app content and geolocation, as well as other types of sensitive information.
"While SunBird features remote access trojan functionality - a malware that can execute commands on an infected device as directed by an attacker - Hornbill is a discreet surveillance tool used to extract a selected set of data of interest to its operator."
SunBird has been disguised as applications such as security services, apps tied to specific locations or activities. Researchers said the majority of these applications appear to target Muslim individuals. Meanwhile, Hornbill applications impersonate various chat and system applications.

"Considering many of these malware samples are trojanized - as in they contain complete user functionality - social engineering may also play a part in convincing targets to install the malware," said Kumar and Del Rosso.
"Not only does it target a limited set of data, the malware only uploads data when it initially runs and not at regular intervals like SunBird."
SunBird's name stemmed from the malicious services within the malware called "SunService" - and the sunbird is also native to India, they said.
News URL
https://threatpost.com/military-nuclear-entities-under-target-by-novel-android-malware/163830/
Related news
- Crypto-stealing iOS, Android malware found on App Store, Google Play
- SpyLend Android malware downloaded 100,000 times from Google Play
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide
- BadBox malware disrupted on 500K infected Android devices
- North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
- New Android malware uses Microsoft's .NET MAUI to evade detection
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection
- New Crocodilus malware steals Android users' crypto wallet keys