US-based cybersecurity company Lookout revealed that two Indian malware programs for the Android platform have been spying on the Pakistani military.
A report by Lookout, a US-based cybersecurity firm, revealed last week that two Android programs that emerged in India, called Hornbill and SunBird, have been spying on the Pakistani military, nuclear authorities, and Indian election officials in Kashmir. These two malware families have been linked to Confucius, which first appeared in 2013 as “a state-sponsored, pro-India actor primarily pursuing Pakistani and other South Asian targets.”
The report further revealed that the malware was used to compromise the WhatsApp messaging platform and exfiltrate the content of conversations.
In its statement published on 10 February, Lookout said: “Targets of these tools include personnel linked to Pakistan’s military, nuclear authorities, and Indian election officials in Kashmir.”
“Hornbill and SunBird have sophisticated capabilities to exfiltrate SMS, encrypted messaging app content, and geolocation, among other types of sensitive information,” it added.
Moreover, Confucius created malware for Windows operating systems in the past, but the group has extended its capabilities to mobile malware since 2017, when the spying app ChatSpy came into existence.
The application the group used has advanced capabilities, including taking photos with the camera, requesting elevated privileges, accessing users’ call logs, contacts, images and browser history, and scraping WhatsApp messages. It can also upload all information to the servers of the advanced persistent threat (APT) group.
In addition, some major targets included an “individual who applied for a position at the Pakistan Atomic Energy Commission, individuals with numerous contacts in the Pakistan Air Force (PAF), as well as officers responsible for electoral rolls (Booth Level Officers) located in the Pulwama district of Kashmir”, the analysis found.
Hornbill is an investigative tool that can extract data from users. “SunBird has been disguised as applications that include security services, such as the fictional ‘Google Security Framework’, apps tied to specific locations (Kashmir News) or activities (Falconry Connect and Mania Soccer), Islam-related applications (Quran Majeed),” Lookout’s report said, adding that the majority of applications appeared to target Muslims.