BlackBerry Releases Mobile Malware Report; Reveals Pervasive Mobile Malware Dimension in Cross-Platform Advanced Persistent Threat Espionage Campaigns

October 23, 2019

WATERLOO, Ont. – October 23, 2019  BlackBerry Limited (NYSE: BB; TSX: BB), today released a new mobile malware report, Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform, which examines how advanced persistent threat (APT) groups have been leveraging mobile malware in combination with traditional desktop malware in ongoing surveillance and espionage campaigns.

“This research demonstrates that mobile attacks are much more pervasive of a threat than previously estimated,” says Eric Cornelius, Chief Technology Officer at BlackBerry Cylance. “It should come as a surprise to many to learn how coordinated and long-standing the campaigns targeting mobile users have been, as they have been easy targets for APT groups because of a historical deficit in effective security solutions for detecting and preventing mobile malware.”

The report documents several previously unidentified APT attack campaigns and new malware families and fills gaps in other published research about mobile malware activity by known APT groups. The researchers examined mobile and mobile/desktop campaigns by APT groups connected to China, Iran, North Korea and Vietnam, as well as two other unidentified but likely state-sponsored threat actors, all of whom were focused on foreign and/or domestic targets for economic and/or political objectives. 

Previously unidentified intelligence the report reveals includes: 

  • A newly identified threat actor dubbed BBCY-TA2 is utilizing a newly identified Android malware family dubbed PWNDROID3 in combination with a newly identified Windows malware family dubbed PWNWIN1 that is distributed via bogus mobile applications that mimic a popular bitcoin cashing application in a newly identified cross-platform campaign dubbed OPERATION DUALCRYPTOEX
  • A newly identified threat actor dubbed BBCY-TA3 engaged in economic espionage against targets that include a range of Western and South Asian commercial enterprises in the telecommunications space as well as nearly every chemical manufacturing company in the world outside of China and is sharing attack infrastructure with BBCY-TA2
  • A newly discovered cross-platform espionage campaign dubbed OPERATION OCEANMOBILE conducted by APT group OCEANLOTUS is employing a newly identified Android malware family dubbed PWNDROID1 that is being delivered via a sophisticated trio of fake mobile applications
  • A newly identified cross-platform espionage campaign dubbed OPERATION DUALPAK by APT group BITTER is targeting the Pakistani military leveraging a newly identified mobile malware family dubbed PWNDROID2 that is being distributed via fake applications, SMS, WhatsApp and other social media platforms
  • A second newly identified cross-platform espionage campaign leveraging interest in the recent Kashmir crisis, dubbed OPERATION DUALPAK2 and conducted by CONFUCIUS, is targeting the Pakistani government and military utilizing a newly identified Windows malware family dubbed PWNWIN2 which was distributed by way of a JavaScript version of a chat application

As mobile devices grow in type and adoption, they provide a quick means to access sensitive data from select targets. This report highlights that mobile malware use by state or state-sponsored APT groups far exceeds what was previously estimated as a more limited attack vector. The report also reveals that APT groups are actively using mobile malware in conjunction with traditional desktop malware campaigns, that threat actors with distinctly different target sets are sharing attack infrastructure, and that some APTs are pivoting focus from domestic to foreign targets.

“Both organizations and consumers should be very concerned about what this means for not only their information, but also the safety and security of the countries in which they reside,” says Brian Robison, Chief Evangelist at BlackBerry Cylance. “It’s clear that the market for exploits targeting mobile devices has skyrocketed, and the sheer scale of what we found - mobile malware that is interwoven with desktop malware campaigns - shows definitively that several nation states are getting in on the mobile campaign action. It is essential that organizations utilize the utmost advanced technology to protect and secure the mobile landscape.” 


About BlackBerry

BlackBerry (NYSE: BB; TSX: BB) is a trusted security software and services company that provides enterprises and governments with the technology they need to secure the Internet of Things. Based in Waterloo, Ontario, the company is unwavering in its commitment to safety, cybersecurity and data privacy, and leads in key areas such as artificial intelligence, endpoint security and management, encryption and embedded systems. For more information, visit and follow @BlackBerry.

Trademarks, including but not limited to BLACKBERRY and EMBLEM Design are the trademarks or registered trademarks of BlackBerry Limited and the exclusive rights to such trademarks are expressly reserved. All other trademarks are the property of their respective owners.


Media Contact:
BlackBerry Media Relations 
(519) 597-7273