Two malware programs with ties to the Indian military have been detected spying on the Pakistan Army, a US-based cybersecurity company has said. The company revealed that the malware is Android-based.
Lookout Inc., a California-based provider of mobile security solutions, said in a report dated February 10 that it had discovered the two malware programs, Hornbill and SunBird, being used by the cyber-group ‘Confucius’, which first appeared in 2013 as “a state-sponsored, pro-India actor primarily pursuing Pakistani and other South Asian targets”.
The report stated,
“Targets of these tools include personnel linked to Pakistan’s military, nuclear authorities, and Indian election officials in Kashmir.”
“Hornbill and SunBird have sophisticated capabilities to exfiltrate SMS, encrypted messaging app content, and geo-location, among other types of sensitive information,” added the report.
In the past, Confucius had created malware for Windows operating systems, but the cyber-group has been known to develop mobile malware since 2017, when the spying app ChatSpy was created.
Hornbill is a surveillance tool that can extract data from users, while SunBird has a remote access function that lets an attacker execute commands on a device.
“SunBird has been disguised as applications that include Security services, such as the fictional Google Security Framework, Apps tied to specific locations (Kashmir News) or activities (Falconry Connect and Mania Soccer), Islam-related applications (Quran Majeed),” the report said.
Most of these applications appear to target Muslims, the report added.
Through fake applications, the two malware programs can access users’ call logs, contacts, images and browser history, and can take screenshots and photos with the device camera.
The cybersecurity company’s analysis revealed that the common targets include an “individual who applied for a position at the Pakistan Atomic Energy Commission, individuals with numerous contacts in the Pakistan Air Force (PAF), as well as officers responsible for electoral rolls (Booth Level Officers) located in the Pulwama district of Kashmir.”
The report added,
“The data included information on victims in Europe and the United States, some of which appear to be targets of spouseware or stalkerware. It also included data on Pakistan nationals in Pakistan, India, and the United Arab Emirates (UAE) that we believe may be targeted by Confucius APT campaigns between 2018 and 2019.”
Earlier, in 2020, the Brussels-based EU DisinfoLab uncovered a vast network of 265 coordinated fake local media outlets in 65 countries serving Indian interests and undermining Pakistan.