Lookout Security Intelligence teams are continuously discovering and researching new threats to protect and advise our customers. We do this by combining static and dynamic analysis with our machine learning engine. Devices with Lookout installed can detect and be alerted to these two families, and Lookout also protects against other sophisticated surveillanceware that could go undetected.
The Lookout Threat Intelligence team has discovered new Android surveillanceware with sophisticated capabilities. SunBird features remote access trojan (RAT) capabilities that can execute commands on an infected device directly from the attacker, while Hornbill operates as a discreet surveillanceware tool that extracts particular data of interest to the attacker.
Each of these tools has been used to target personnel linked to Pakistan’s military, nuclear authorities, and Indian election officials in Kashmir. Both Hornbill and SunBird appear to be evolved versions of pre-existing commercial surveillanceware. There is also evidence of them being present across Europe, Southeast Asia, Russia, and the United States.
Considering that apps infected with these two pieces of malware are distributed via third-party app stores, social engineering is likely the most effective way that they’re distributed. Both pieces of malware have extensive surveillance and data exfiltration capabilities, including access to:
- Call logs
- Geolocation
- Contacts
- SMS messages
- Photos
- Installed apps
- Browser history
- WhatsApp messages
- Calendar

- Requesting admin privileges
- Taking screenshots & photos
- Recording audio & calls
- Scraping WhatsApp messages and contacts