This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Targeted attack tied to Tibet leads to malicious Android app download

Share this article:
Android botnet detected that uses victims' devices to send SMS spam
Android botnet detected that uses victims' devices to send SMS spam
A spear-phishing attack that installs a malicious Android application has been detected by Kaspersky Lab.

According to research by Kaspersky Lab experts Costin Raiu, Kurt Baumgartner and Denis Maslennikov, targeted messages were sent to activists and human rights advocates after the email account of a high-profile Tibetan activist was hacked.

The messages that were sent, included an APK attachment, and a malicious program for Android, which downloaded "WUC's Conference.apk" that Kaspersky Lab believed to be deliberately related to the World Uyghur Conference and said the attachment was a letter on behalf of the organisers. The conference took place earlier this month in Geneva.

If a recipient opens the attachment, it displays a letter while malware secretly reports the infection to a command-and-control (C&C) server and sends out data including: contacts (stored both on the phone and the SIM card); call logs; SMS messages; geolocation data; and phone data (phone number, OS version, phone model, SDK version).

Kaspersky Lab said that despite there being hundreds, if not thousands, of targeted attacks against Tibetan and Uyghur supporters, the vast majority of these target Windows machines through Word documents exploiting known vulnerabilities such as CVE-2012-0158, CVE-2010-3333 and CVE-2009-3129.

“In this case, the attackers hacked a Tibetan activist's account and used it to attack Uyghur activists. It indicates perhaps an interesting trend that is exploiting the trust relationships between the two communities,” the researchers said.

“The current attack took advantage of the compromise of a high-profile Tibetan activist. It is perhaps the first in a new wave of targeted attacks aimed at Android users. So far, the attackers relied entirely on social engineering to infect the targets. History has shown us that, in time, these attacks will use zero-day vulnerabilities, exploits or a combination of techniques.”
Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

Cyber security still a learning curve for most companies

Cyber security still a learning curve for most ...

Poor network visibility, outdated security tools, a skills shortage and a lack of control in the cloud are just some of the reasons companies are struggling with cyber-security, say two ...

WorldPay hacker sentenced to 11 years for role in £6 million scheme

WorldPay hacker sentenced to 11 years for role ...

An Estonian man, who helped hack payment processor RBS WorldPay in 2008, has now been sentenced to 11 years in prison for his involvement in the £5.9 (US$ 9.4 million) ...

'Sophisticated' Chinese hackers launched attacks against 43,000 computer systems

'Sophisticated' Chinese hackers launched attacks against 43,000 computer ...

A new report reveals that a Chinese cyber-espionage group is closely affiliated with government and carried out attacks against the likes of Fortune 500 companies and government agencies.