
First-Known Targeted Malware Attack On Android Phones Steals Contacts And Text Messages


Malicious software is nothing new to the cyber security world. So-called malware is what unscrupulous folk use to disrupt or gather sensitive data from our desktop computers. Targeted attacks with malware have been relatively unseen on smartphones, those other computers we carry around that are teeming with personal data.

Now, however, security researchers at Kaspersky Labs say they’ve uncovered the first-known targeted malware attack on Android phones. The victims were specifically Tibetan activists, but the disclosure underlines the broader possibilities for targeted cyber attacks on smartphones.

The attack relied heavily on social engineering, a kind of verbal manipulation, to hack into their targets’ devices. Kaspersky explains that on March 24, the attackers infiltrated the email account of a high-profile Tibetan activist, and used that account to send a spear-phishing email to their contacts list.

The email looked like this:

Notice that it included an attachment, called “WUC’s Conference.apk.” Several activist groups had recently organized a human rights conference in Switzerland. (Kaspersky says it has seen several attacks mentioning this event as a baiting tool.)

People who opened that e-mail on an Android smartphone, along with the attached Android Package (APK) file, would find that the file opened an Android application. Once installed, the app called “Conference” would appear on the desktop:

If a user went on to open the app, they’d see a window of text with information about the upcoming “conference.” (See below) At this point, some might have noticed the misspelling of “World” as “Word.”













While the target was reading the message, the malicious software they had inadvertently installed would report back to a command-and-control server, before collecting information from the phone. According to Kaspersky, that information would include:

- Contacts that are stored on both the phone and the SIM card

- Call logs

- SMS messages

- Geo-location

- Data about the phone, including the phone number, the OS version and the phone model.

Once the victim received a text message that included a certain protocol, the malware would send the collected data back to the command-and-control server.
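The data categories and the SMS trigger described above can be turned into a simple permission triage for a decoded AndroidManifest.xml. This is an added example, not code from Kaspersky or from the original post; the category-to-permission mapping, the three-category threshold, and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping: data categories listed above -> permissions that gate them.
CATEGORY_PERMS = {
    "contacts": {P + "READ_CONTACTS"},
    "call logs": {P + "READ_CALL_LOG"},
    "sms messages": {P + "READ_SMS"},
    "geo-location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "phone data": {P + "READ_PHONE_STATE"},
}
SMS_TRIGGER = P + "RECEIVE_SMS"  # app can react to incoming text messages
NETWORK = P + "INTERNET"         # app can reach a remote server

def requested_permissions(manifest_xml):
    """Permissions declared in a decoded (plain-text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(NS + "name") for el in root.iter("uses-permission")}
    perms.discard(None)
    sdk = root.find("uses-sdk")
    target = 1
    if sdk is not None:
        target = int(sdk.get(NS + "targetSdkVersion") or sdk.get(NS + "minSdkVersion") or 1)
    # Apps targeting API 15 or lower get call-log access with READ_CONTACTS.
    if target <= 15 and P + "READ_CONTACTS" in perms:
        perms.add(P + "READ_CALL_LOG")
    return perms

def triage(manifest_xml, min_categories=3):
    """Flag apps that can harvest several categories, hear SMS and go online."""
    perms = requested_permissions(manifest_xml)
    cats = sorted(c for c, gate in CATEGORY_PERMS.items() if perms & gate)
    hit = len(cats) >= min_categories and SMS_TRIGGER in perms and NETWORK in perms
    return {"categories": cats, "suspicious": hit}

def _manifest(perm_names, target_sdk):
    uses = "".join('<uses-permission android:name="%s%s"/>' % (P, n) for n in perm_names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.constructed"><uses-sdk android:targetSdkVersion="%d"/>'
            '%s</manifest>' % (target_sdk, uses))

# Constructed samples, not the manifest of the app described in the article.
LEAFLET_APP = _manifest(["READ_CONTACTS", "READ_SMS", "RECEIVE_SMS", "ACCESS_FINE_LOCATION",
                         "READ_PHONE_STATE", "INTERNET"], 10)
PLAIN_READER = _manifest(["INTERNET"], 17)

if __name__ == "__main__":
    for name, xml in (("leaflet app", LEAFLET_APP), ("plain reader", PLAIN_READER)):
        print(name, triage(xml))
```

A permission set like this is only a triage signal: an app that does nothing but display text has no functional need for it, which is what makes the combination worth a closer look.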

Who were the perpetrators? Kaspersky mentions that throughout the malware’s code, the attackers included various messages in Chinese. Since this was probably done for debugging purposes, the malware may be an early prototype. The IP address for the command and control server points to Los Angeles, California, but a domain which used to point there was registered on March 8, by one Shanghai Meicheng Technology Information Co., Ltd, with contact details for the registrar pointing to Beijing.

There are other strong indications that the attackers were Chinese speakers, Kaspersky notes, adding that this is also just one of thousands of targeted cyber attacks on Tibetan and Uyghur supporters. The vast majority of attacks like these have targeted Windows via exploits in Word.

“Until now, we haven’t seen targeted attacks against mobile phones in the wild, although we’ve seen indications that these were in development,” the researchers said. “It is perhaps the first in a new wave of targeted attacks aimed at Android users. So far, the attackers relied entirely on social engineering to infect the targets. History has shown us that, in time, these attacks will use zero-day vulnerabilities, exploits or a combination of techniques.”

(via Forbes)
