This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Targeted attack tied to Tibet leads to malicious Android app download

Share this article:
Android botnet detected that uses victims' devices to send SMS spam
Android botnet detected that uses victims' devices to send SMS spam
A spear-phishing attack that installs a malicious Android application has been detected by Kaspersky Lab.

According to research by Kaspersky Lab experts Costin Raiu, Kurt Baumgartner and Denis Maslennikov, targeted messages were sent to activists and human rights advocates after the email account of a high-profile Tibetan activist was hacked.

The messages that were sent, included an APK attachment, and a malicious program for Android, which downloaded "WUC's Conference.apk" that Kaspersky Lab believed to be deliberately related to the World Uyghur Conference and said the attachment was a letter on behalf of the organisers. The conference took place earlier this month in Geneva.

If a recipient opens the attachment, it displays a letter while malware secretly reports the infection to a command-and-control (C&C) server and sends out data including: contacts (stored both on the phone and the SIM card); call logs; SMS messages; geolocation data; and phone data (phone number, OS version, phone model, SDK version).

Kaspersky Lab said that despite there being hundreds, if not thousands, of targeted attacks against Tibetan and Uyghur supporters, the vast majority of these target Windows machines through Word documents exploiting known vulnerabilities such as CVE-2012-0158, CVE-2010-3333 and CVE-2009-3129.

“In this case, the attackers hacked a Tibetan activist's account and used it to attack Uyghur activists. It indicates perhaps an interesting trend that is exploiting the trust relationships between the two communities,” the researchers said.

“The current attack took advantage of the compromise of a high-profile Tibetan activist. It is perhaps the first in a new wave of targeted attacks aimed at Android users. So far, the attackers relied entirely on social engineering to infect the targets. History has shown us that, in time, these attacks will use zero-day vulnerabilities, exploits or a combination of techniques.”
Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Targeted spear phishing campaign targets governments, law enforcement

Targeted spear phishing campaign targets governments, law enforcement

Kaspersky Lab claims to have identified a highly targeted spear phishing campaign that picks on high profile victims - including government, military, law enforcement agencies and embassies.

Malaysian investigators 'hacked' for confidential MH370 records

Malaysian investigators 'hacked' for confidential MH370 records

Around 30 computers at Malaysian law enforcement agencies looking into the disappearance of the MH370 airplane have reportedly been hacked, with perpetrators making off with confidential data on the aircraft.

75,000 reasons not to jailbreak your iPhone or iPad

75,000 reasons not to jailbreak your iPhone or ...

Malicious AdThief malware replaces adverts appearing on Apple users screens