Hornbill Malware

The Hornbill Malware is a threat belonging to the arsenal of the Confucious APT. The Hornbill Malware works as covert spyware, which runs on Android devices exclusively. The first activities to involve the Hornbill Malware date back to May 2018, but the implant is still receiving regular updates to this very day. Malware researchers state that the Hornbill Malware shares many similarities with MobileSpy, an old Android spyware toolkit that was sold commercially. Contrary to the SunBird Malware's aggressive behavior, the Hornbill Malware is meant to be much more silent. Because of this, its features might be more limited, but it is less likely to raise any red flags. Some of Hornbill Malware's abilities include:

• Collecting call logs and contacts.
• Grabbing device hardware and software information.
• Collecting WhatsApp voice notes.
• Collecting images from the SD card.
• Record environment audio.
• Take photos with the front and rear cameras.
• Grab screenshots.

The SunBird Malware goes after a wide range of messaging applications. It seems that the Hornbill Malware goes after WhatsApp communication exclusively. In addition to this, the implant can collect specific files from the internal and external storage – usually, the criminals go after documents when abusing this feature.

Both the Hornbill Malware and the SunBird Malware are used against users in Pakistan, which is not a surprise considering that the Confucius APT is heavily involved in the cyber warfare between India and Pakistan. Users can keep their devices safe by using up-to-date security software and only interacting with trustworthy sites and files.