This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Targeted attack tied to Tibet leads to malicious Android app download

Share this article:
Targeted attack tied to Tibet leads to malicious Android app download
Targeted attack tied to Tibet leads to malicious Android app download
A spear-phishing attack that installs a malicious Android application has been detected by Kaspersky Lab.

According to research by Kaspersky Lab experts Costin Raiu, Kurt Baumgartner and Denis Maslennikov, targeted messages were sent to activists and human rights advocates after the email account of a high-profile Tibetan activist was hacked.

The messages that were sent, included an APK attachment, and a malicious program for Android, which downloaded "WUC's Conference.apk" that Kaspersky Lab believed to be deliberately related to the World Uyghur Conference and said the attachment was a letter on behalf of the organisers. The conference took place earlier this month in Geneva.

If a recipient opens the attachment, it displays a letter while malware secretly reports the infection to a command-and-control (C&C) server and sends out data including: contacts (stored both on the phone and the SIM card); call logs; SMS messages; geolocation data; and phone data (phone number, OS version, phone model, SDK version).

Kaspersky Lab said that despite there being hundreds, if not thousands, of targeted attacks against Tibetan and Uyghur supporters, the vast majority of these target Windows machines through Word documents exploiting known vulnerabilities such as CVE-2012-0158, CVE-2010-3333 and CVE-2009-3129.

“In this case, the attackers hacked a Tibetan activist's account and used it to attack Uyghur activists. It indicates perhaps an interesting trend that is exploiting the trust relationships between the two communities,” the researchers said.

“The current attack took advantage of the compromise of a high-profile Tibetan activist. It is perhaps the first in a new wave of targeted attacks aimed at Android users. So far, the attackers relied entirely on social engineering to infect the targets. History has shown us that, in time, these attacks will use zero-day vulnerabilities, exploits or a combination of techniques.”
Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

UK banks to get independent pen-testing?

UK banks to get independent pen-testing?

The UK's Bank of England (BoE) is reportedly planning to carry out a major pen-testing exercise in the Autumn.

The cloud: rapid adoption and rising levels of attacks

The cloud: rapid adoption and rising levels of ...

Research just published claims to show that there has been a significant increase in attacks against cloud and on-premises IT systems.

Windows XP support to cost £120 a year per machine

Windows XP support to cost £120 a year ...

Microsoft has quietly slashed the cost of continuing to support Windows XP.