Newly Discovered Android Spyware Linked to State-Sponsored Indian Hackers

Researchers at mobile security firm Lookout have published information on two recently discovered Android spyware families employed by an advanced persistent threat group named Confucius.
Over the past several years the group has also switched to mobile malware, with its first Android surveillanceware, ChatSpy, being observed in 2018.
In a new report, Lookout revealed that the threat actor might have started using Android spyware in 2017, with SunBird, which has been masquerading as applications mostly targeting Muslim individuals.
Both malware families can target a broad range of data for exfiltration, including call logs, contacts, device metadata, Android version, geolocation, images from external storage, and WhatsApp voice notes.
SunBird is likely the work of the Indian developers who also built the BuzzOut commercial spyware.
Lookout identified a total of 156 victims from India, Pakistan, and Kazakhstan, and was able to link the malware families to the Confucius APT through the use of specific infrastructure and similar tactics for hiding the malware's intent.