Activity of Confucius group - thieves of data of the Pakistani civil servants is revealed

Android has once again become a tool in the hands of app developers.

The report of the Anti-AVL Threat Intelligence Team describes the activities of the Confucius APT Group (APT59), which has been active since 2013. The main targets of the group's attacks are government agencies, military and nuclear facilities in Pakistan and other South Asian countries.

According to AVL, Confucius uses the Android malware SunBird and Hornbill to steal data from devices. The activity of these apps has been tracked since May 2023.


Fake App

The apps are distributed as Google updates and request various permissions on the victim's device. Once these are granted, the app asks for Device Administrator permissions; after that permission is successfully granted, the sample hides its icon. With these permissions in place, photos, messages, contacts, WhatsApp chats, end-user data, and information about connected mobile devices are stolen from the device. In addition, the app implements auto-start on smartphones from Xiaomi, Oppo, vivo, letv and Honor.

The attacks use servers with IP addresses located in the United States. They are focused mainly on Kashmir and other regions of India. More than 50 victims were found, including civil servants in Kashmir, military personnel, and employees of the Indian cosmetics company Baccarose.
 