Pro-India hackers use Android spyware to spy on Pakistani military


Image © Bleeping Computer

This week a report has revealed details on two Android spyware strains leveraged by state-sponsored threat actors during the India-Pakistan conflict.

The malware strains, named Hornbill and SunBird, have been delivered as fake Android apps (APKs) by the Confucius advanced persistent threat (APT) group, a pro-India state-sponsored operation that has been known to spy on Pakistani and South Asian targets since at least 2013.

Although Confucius has created Windows malware in the past, the group extended its capabilities to mobile malware in 2017, when its spying app ChatSpy first appeared.

The apps used by the group contain advanced capabilities including taking photos from the camera, requesting elevated privileges, scraping WhatsApp messages, and uploading all this information to the servers of the APT group.

Spies on Pakistan’s military, nuclear facilities via fake apps

A report from California-based cybersecurity firm Lookout has revealed counterfeit Android apps laden with malware that pro-India actors used to spy on Pakistan’s military and nuclear authorities, as well as Kashmir’s election officials.

Counterfeit Android apps published by the group as part of this espionage operation include “Google Security Framework” and apps with regional significance such as “Kashmir News”, “Falconry Connect”, “Mania Soccer” and “Quran Majeed”.

According to Lookout researchers Apurva Kumar and Kristin Del Rosso, the apps associated with SunBird have a more extensive set of capabilities than Hornbill and run their data exfiltration sequence at regular intervals.

“Locally on the infected device, the data is collected in SQLite databases which are then compressed into ZIP files as they are uploaded to C2 infrastructure,” state the researchers.

The following kinds of data are gathered by SunBird and sent to the threat actors:

  • List of installed applications
  • Browser history
  • Calendar information
  • BlackBerry Messenger (BBM) audio files, documents and images
  • WhatsApp Audio files, documents, databases, voice notes and images
  • Content sent and received via IMO instant messaging application

Apps powered by SunBird can also perform the following actions:

  • Download attacker-specified content from FTP shares
  • Run arbitrary commands as root, if possible
  • Scrape BBM messages and contacts via accessibility services
  • Scrape BBM notifications via accessibility services

The researchers analyzed over 18 GB of exfiltrated data obtained from six or more publicly exposed C2 servers.
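The researchers describe the staging format as SQLite databases that are compressed into ZIP files on upload to the C2 infrastructure, and they later triaged a large volume of such data recovered from exposed servers. The script below is an added example, not code from the Lookout report or from the article, showing how a responder can inventory an archive in that format: it walks every member of a ZIP, keeps only those with a SQLite header, and reports each database's tables and row counts so the categories of staged data are visible without opening each file by hand. The archive it operates on is constructed inline with hypothetical table names (`installed_apps`, `browser_history`); none of it is real exfiltrated data.

```python
import io
import os
import sqlite3
import tempfile
import zipfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file


def build_sample_archive() -> bytes:
    """Construct a ZIP holding one SQLite database plus a non-database member.

    This is a constructed sample that only mimics the staging format described
    in the report (SQLite databases zipped for upload); the tables and rows are
    hypothetical.
    """
    with tempfile.TemporaryDirectory() as tmp:
        db_path = os.path.join(tmp, "device.db")
        conn = sqlite3.connect(db_path)
        conn.execute("CREATE TABLE installed_apps (package TEXT, label TEXT)")
        conn.executemany(
            "INSERT INTO installed_apps VALUES (?, ?)",
            [("com.example.mail", "Mail"), ("com.example.chat", "Chat")],
        )
        conn.execute("CREATE TABLE browser_history (url TEXT, ts INTEGER)")
        conn.execute(
            "INSERT INTO browser_history VALUES (?, ?)",
            ("https://example.test/", 1700000000),
        )
        conn.commit()
        conn.close()

        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.write(db_path, "device.db")
            zf.writestr("readme.txt", "not a database")  # should be skipped
        return buf.getvalue()


def is_sqlite(data: bytes) -> bool:
    """Identify SQLite content by its magic header rather than by file name."""
    return data[:16] == SQLITE_MAGIC


def inventory_archive(zip_bytes: bytes) -> dict:
    """Return {member_name: {table_name: row_count}} for each SQLite member."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            if not is_sqlite(data):
                continue
            # sqlite3 needs an on-disk file; write it out and open read-only
            # so triage never modifies the evidence copy.
            with tempfile.NamedTemporaryFile(suffix=".db", delete=False) as tmp:
                tmp.write(data)
                path = tmp.name
            try:
                conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
                tables = [
                    row[0]
                    for row in conn.execute(
                        "SELECT name FROM sqlite_master WHERE type = 'table'"
                    )
                ]
                counts = {}
                for table in tables:
                    quoted = '"' + table.replace('"', '""') + '"'
                    counts[table] = conn.execute(
                        f"SELECT COUNT(*) FROM {quoted}"
                    ).fetchone()[0]
                conn.close()
            finally:
                os.unlink(path)
            result[info.filename] = counts
    return result


if __name__ == "__main__":
    for member, tables in inventory_archive(build_sample_archive()).items():
        print(member)
        for name, count in tables.items():
            print(f"  {name}: {count} rows")
```

Selecting members by the SQLite magic header rather than by extension matters in practice, since staged databases need not carry a `.db` suffix; opening each copy with `mode=ro` keeps the extracted evidence unmodified while it is examined.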

This leaked data revealed that the nation-state actors' targets included potential candidates for the Pakistan Atomic Energy Commission, individuals with close links to the Pakistan Air Force (PAF), and the election officers who oversee the electoral process in the Pulwama district of Kashmir.


© Source: bleepingcomputer.com

