Date: 2021-02-16

Last week, US-based cybersecurity company Lookout said that two Android malware programs that emerged in India, called Hornbill and SunBird, have been spying on the Pakistani military, nuclear authorities, and Indian election officials in Kashmir.

According to Lookout, the two malware families have been linked to Confucius, an advanced persistent threat (APT) group thought to be state-sponsored and to have pro-India ties.

As per the report, the malware was focused on compromising the WhatsApp messaging platform and exfiltrating the content of conversations.

In its statement published on 10 February, Lookout said: "Targets of these tools include personnel linked to Pakistan’s military, nuclear authorities, and Indian election officials in Kashmir."

"Hornbill and SunBird have sophisticated capabilities to exfiltrate SMS, encrypted messaging app content, and geolocation, among other types of sensitive information," it added.

Confucius was first detected in 2013 and has been linked to attacks against government entities in South Asia.

Although Confucius has created Windows malware in the past, the group has extended its capabilities to mobile malware since 2017, when the spying app ChatSpy came into existence.

The apps used by the group have advanced capabilities, including taking photos with the camera, requesting elevated privileges, accessing users' call logs, contacts, images and browser history, and scraping WhatsApp messages, and they can upload all of this information to the APT group's servers.

While SunBird has a remote access function that lets an attacker execute commands on a device, Hornbill is a surveillance tool that can extract data from users.

"SunBird has been disguised as applications that include security services, such as the fictional ‘Google Security Framework’, Apps tied to specific locations (Kashmir News) or activities (Falconry Connect and Mania Soccer), Islam-related applications (Quran Majeed)," Lookout’s report said, adding that the majority of applications appeared to target Muslims.