Security News > 2021 > February > Pro-India hackers use Android spyware to spy on Pakistani military

The malware strains named Hornbill and SunBird have been delivered as fake Android apps by the Confucius advanced persistent threat group, a pro-India state-sponsored operation known to spy on Pakistani and South Asian targets, since at least 2013.
A report from California-based cybersecurity firm Lookout has revealed counterfeit Android apps laden with malware that was used by pro-India actors to spy on Pakistan's military and nuclear authorities, in addition to Kashmir's election officials.
Counterfeit Android apps published by the group as part of this espionage operation include "Google Security Framework" and apps with regional significance such as "Kashmir News", "Falconry Connect", "Mania Soccer" and "Quran Majeed".
BleepingComputer was able to obtain and analyze a copy of one such SunBird Android app called Falconry Connect.
The researchers stress that none of these apps were distributed via Google Play or any authorized app store.
Mobile users are advised to download apps only from the official app stores and avoid risky websites providing bootleg Android APKs and iOS apps.