During the India-Pakistan dispute, a report this week published information about two Android spyware strains leveraged by state-sponsored threat actors.
Since at least 2013, the Confucius Advanced Persistent Threat Group (APT), a pro-India state-sponsored operation known to spy on Pakistani and South Asian targets, has delivered the malware strains called Hornbill and SunBird as fake Android apps (APKs).
While Windows malware has been developed by Confucius in the past, the group has increased its mobile malware capabilities since 2017, when the spying app ChatSpy was introduced.
The applications used by the group provide advanced features such as taking camera images, demanding elevated rights, scraping WhatsApp messages, and uploading all this information to the APT group servers.
A research by Lookout, a California-based cybersecurity company, revealed counterfeit Android apps laden with malware used by pro-India actors, in addition to Kashmir’s election officials, to spy on Pakistan’s military and nuclear authorities.
