Security News > 2021 > February > Newly Discovered Android Spyware Linked to State-Sponsored Indian Hackers
Researchers at mobile security firm Lookout have published information on two recently discovered Android spyware families employed by an advanced persistent threat group named Confucius.
For the past several years it also switched to mobile malware, with the first Android surveillanceware ChatSpy being observed in 2018.
In a new report, Lookout revealed that the threat actor might have started using Android spyware in 2017, with SunBird, which has been masquerading as applications mostly targeting Muslim individuals.
Both malware families can target a broad range of data for exfiltration, including call logs, contacts, device metadata, Android version, geolocation, images from external storage, and WhatsApp voice notes.
SunBird is likely the work of the Indian developers who also built the BuzzOut commercial spyware.
Lookout identified a total of 156 victims from India, Pakistan, and Kazakhstan, and was able to link the malware families to the Confucius APT through the use of specific infrastructure and similar tactics for hiding the malware's intent.
News URL
Related news
- Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite (source)
- 'eXotic Visit' Spyware Campaign Targets Android Users in India and Pakistan (source)
- Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware' (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)