Android spyware strains linked to state-sponsored Confucius threat group
On Tuesday, cybersecurity firm Lookout reported that it had uncovered evidence linking two malware strains recently targeting Android devices to Confucius, a pro-India state-sponsored hacking group. The two strains, called Hornbill and SunBird, are both forms of Android spyware seemingly focused on compromising the WhatsApp messaging platform and stealing the content of conversations.
Confucius has been behind attacks against Southeast Asian government entities, targeted strikes against Pakistani military personnel, Indian election officials, and nuclear agencies. The group has been around since 2013 and is typically geared towards intelligence collection and data theft rather than hacking for profit. Lookout’s analysis of the malware concluded that Hornbill is a commercial stalkerware app that was retired in 2018. Confucius is known to have used ChatSpy for surveillance purposes back in 2017; however, SunBird began to be used in 2019 and Hornbill in 2020.