Military, Nuclear Entities Under Target By Novel Android Malware
Security News, February 2021
Researchers have uncovered two novel Android surveillanceware families being used by an advanced persistent threat group to target military, nuclear and election entities in Pakistan and Kashmir.
The two malware families, which researchers call "Hornbill" and "SunBird," have sophisticated capabilities to exfiltrate SMS messages, encrypted messaging app content and geolocation, as well as other types of sensitive information.
"While SunBird features remote access trojan functionality - a malware that can execute commands on an infected device as directed by an attacker - Hornbill is a discreet surveillance tool used to extract a selected set of data of interest to its operator."
SunBird has been disguised as applications such as security services, apps tied to specific locations or activities. Researchers said the majority of these applications appear to target Muslim individuals. Meanwhile, Hornbill applications impersonate various chat and system applications. "Considering many of these malware samples are trojanized - as in they contain complete user functionality - social engineering may also play a part in convincing targets to install the malware," said Kumar and Del Rosso.
"Not only does it target a limited set of data, the malware only uploads data when it initially runs and not at regular intervals like SunBird."
SunBird's name stemmed from the malicious services within the malware called "SunService" - and the sunbird is also native to India, they said.
News URL
https://threatpost.com/military-nuclear-entities-under-target-by-novel-android-malware/163830/