Researchers Spot Two Android Spyware Families Linked to Confucius

Researchers at cybersecurity firm Lookout have published information on two recently discovered Android spyware families utilized by an advanced persistent threat (APT) group named Confucius. Lookout said that two malware strains, named Hornbill and SunBird, have been linked to Confucius, a group thought to be state-sponsored and to have pro-India ties.
First detected in 2013, Confucius has been linked to attacks against government entities in Southeast Asia, as well as targeted attacks against Pakistani military personnel, Indian election officials, and nuclear agencies. “Hornbill and SunBird have both similarities and differences in the way they operate on an infected device” reads the report published by Lookout. “While SunBird features remote access trojan (RAT) functionality – a malware that can execute commands on an infected device as directed by an attacker – Hornbill is a discreet surveillance tool used to extract a selected set of data of interest to its operator.”
The team’s analysis of the malware suggests that Hornbill is based on MobileSpy, a commercial stalkerware application for remotely monitoring Android devices, which was retired in 2018. SunBird, however, appears to share a codebase with BuzzOut, an older piece of spyware created in India. Confucius was known to have used ChatSpy for surveillance purposes back in 2017, yet it is believed that both Hornbill and SunBird predate this malware. There do not appear to be any new campaigns using SunBird, which is believed to have been in active development between 2016 and early 2019; Hornbill, however, has been found in a wave of attacks dating from December 2020.
Both malware variants, however, can steal information including device identifiers, call logs, WhatsApp voice notes, contact records, and GPS location information. They can also request administrator privileges on a compromised device, take screenshots and photographs, and record audio both during calls and as ambient noise. SunBird’s capabilities go beyond Hornbill’s, as this malware is also able to collect browser histories, calendar information, BlackBerry Messenger (BBM) content, and more extensive WhatsApp content including documents, databases, and pictures. SunBird will also attempt to upload stolen information to a command-and-control (C2) server at more regular intervals than Hornbill.