Researchers Uncover Android Spying Campaign Targeting Pakistan Officials
2021-02-11 08:23

Two new Android surveillanceware families, Hornbill and SunBird, have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign.

"Some notable targets included an individual who applied for a position at the Pakistan Atomic Energy Commission, individuals with numerous contacts in the Pakistan Air Force, as well as officers responsible for electoral rolls located in the Pulwama district of Kashmir," the researchers said in a Wednesday analysis.

While Hornbill appears to be derived from the same code base as a previously active commercial surveillance product known as MobileSpy, SunBird has been traced to a group of Indian developers behind another mobile tracking product called BuzzOut.

"Samples of SunBird have been found hosted on third-party app stores, indicating one possible distribution mechanism," the researchers detailed.

Interestingly, the C2 infrastructure shared by Hornbill and SunBird reveals further connections with other stalkerware operations conducted by the Confucius group, including a publicly accessible 2018 Pakistani government advisory warning of a desktop malware campaign targeting officers and government personnel, implying that the two tools are used by the same actor for different surveillance purposes.

Although India has been a relatively new entrant in the spyware and surveillance sector, Citizen Lab researchers last June outed a mercenary hack-for-hire group based in Delhi called BellTroX InfoTech that aimed to steal credentials from journalists, advocacy groups, investment firms, and an array of other high-profile targets.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/yndzor9jawU/researchers-uncover-android-spying.html