Sunbird

Malware Profile Updated 2 months ago
Sunbird, a malware that masquerades as an error-logging service, was used in an attempt to bring iMessage to Android devices. The method relied on Mac relays to trick Apple's systems, with Sunbird and another platform, Nothing Chats, running on the same service. The Android smartphone manufacturer Nothing collaborated with Sunbird for this purpose. Previous attempts to intercept iMessage by Beeper and similar apps, Sunbird included, were problematic from a security perspective: they simply routed iMessage traffic through a Mac Mini in a server rack, leaving messages exposed.

Recently, both Nothing Chats and Sunbird faced serious security issues, leading to their removal from the Google Play Store. These issues came to light weeks after Nothing's iMessage-on-Android app was shut down amid allegations that the service did not encrypt messages and media as advertised by Nothing and its partner, Sunbird. Researchers found that, despite the platform's claims, Sunbird lacked encryption, exposing messages to interception in transit and to Sunbird employees once stored on the platform's servers.

In response to these security concerns, Sunbird announced that it would temporarily suspend its services. The decision was communicated to users via a push notification stating, "Dear Sunbird User. We have decided to pause Sunbird usage for now while we investigate security concerns. We will update you when we are ready to proceed."

Sunbird Software also reported that 83% of enterprise data center operators have increased their rack densities over the past three years, suggesting a growing need for tools such as DCIM platforms to manage infrastructure, prevent outages, and maintain uptime.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Confucius | 1 | Confucius is a threat actor primarily involved in cyberespionage campaigns, with notable activities against Pakistan since 2013. The group has been linked to the India-Pakistan conflict and has been identified as using novel Android spyware, Hornbill and SunBird, to scrape call logs and WhatsApp mes
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Imessage
Government
Apt
Spyware
Reddit
Encryption
Encrypt
Whatsapp
Android
Associated Malware
ID | Type | Votes | Profile Description
Hornbill | Unspecified | 1 | None
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Sunbird malware was read from the document corpus below. This display is limited to 20 results.

Source | Created At | Title
CERT-EU | 7 months ago | Apple’s newest headache: An app that upended its control over messaging
CERT-EU | 7 months ago | Apple responds to the Beeper iMessage saga: ‘We took steps to protect our users’
CERT-EU | 7 months ago | Apple may have already killed Android's newest iMessage app | Digital Trends
CERT-EU | 7 months ago | Nothing Fixed This CMF Watch App Security Flaw That Could Expose User Data
CERT-EU | 8 months ago | In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking
CERT-EU | 8 months ago | Nothing Chats Partner Sunbird Informs Users of 'Temporary' Shutdown
Malwarebytes | 8 months ago | Nothing Chats pulled from Google Play | Malwarebytes
CERT-EU | 10 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of government authorities in Pakistan and Kashmir
CERT-EU | a year ago | The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power – Global Security Mag Online