New evidence uncovered by Amnesty International and Forbidden Stories has revealed a massive wave of attacks by cyber surveillance company NSO Group’s customers on iPhones, potentially affecting thousands of Apple users worldwide.
Lookout, Inc. announced the discovery of two novel Android surveillanceware, Hornbill and SunBird. The Lookout Threat Intelligence team believes these campaigns are connected to the Confucius APT, a well-known pro-India state-sponsored advanced persistent threat group. Hornbill and SunBird have sophisticated capabilities to exfiltrate SMS message content, encrypted messaging app content, geolocation, contact information, call logs, as well as file and directory listings. The surveillanceware targets personnel linked to Pakistan’s military and nuclear authorities and Indian election officials in Kashmir.
The Lookout Threat Intelligence team has discovered four Android surveillanceware tools, which they named SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle. These four interconnected malware tools are elements of much larger mAPT (mobile advanced persistent threat) campaigns originating in China, and primarily targeting the Uyghur ethnic minority, says the team.
Lookout researchers, who were investigating potentially malicious mobile applications pertaining to COVID-19, discovered an Android application that appears to be the most recent piece of tooling in a larger mobile surveillance campaign operating out of Libya and targeting Libyan individuals.
