Home / malwarePDF  


First posted on 18 March 2021.
Source: SecurityHome

Aliases :

SunBird is also known as Confucius APT.

Explanation :

The SunBird Malware is an Android implant used by an India-based Advanced Persistent Threat (APT) actor tracked under the alias Confucius APT. The majority of their attack campaigns are carried out against Pakistani targets, and the Hornbill Malware is one of the latest Android implants to become a part of their arsenal. According to cybersecurity experts, significant portions of the SunBird Malware's source code appear to be identical to the ones seen in MobileSpy, a commercial Android spyware product that is discontinued.

The SunBird implant is likely to be used for more aggressive surveillance and data theft campaigns. Some of its features include:

  • Grab a list of installed Android applications.

  • Collect calendar and browser information.

  • Hijack data from Blackberry Messenger, as well as directories used to store documents, images and audio.

  • Hijack WhatsApp data.

  • Hijack data from the IMO messaging application.

  • Download additional content from the attacker's server.

  • Execute remote commands.

In addition to all this, the Hornbill Malware can also collect text messages, call logs, screenshots, photos and more. Last but not least, the Hornbill Malware's operators can command the threat to collect specific types of files such as DOC, PDF, PPT, DOCX, TXT, XLSX and PPTX.

The malware is being spread via corrupted APK files hosted on 3rd-party application store services, as well as via direct phishing messages. Its attacks are preventable with the use of up-to-date Android anti-malware software, as well as by being more careful about the types of online content you interact with.

Last update 18 March 2021