Watch out! In China, specially made malicious Android apps may be in use to spy on you! Security researchers at Kaspersky say they've found evidence of a targeted malware attack against Chinese dissidents, used to steal information from Android devices, including contacts, call logs, and messages.
Tech in Asia reports:
It started earlier this week when, the Kaspersky team explains, “the e-mail account of a high-profile Tibetan activist was hacked and used to send spear phishing e-mails to their contact list.” Attached to those mails is malware masquerading as a useful app related to an event with the file-name “WUC’s Conference.apk”. If a user downloads and installs the file (as needs to be done with any Android app), it “secretly reports the infection to a command-and-control server” and begins stealing information on the human rights worker.
Until now, we haven’t seen targeted attacks against mobile phones in the wild, although we’ve seen indications that these were in development. It is perhaps the first in a new wave of targeted attacks aimed at Android users. So far, the attackers relied entirely on social engineering to infect the targets. History has shown us that, in time, these attacks will use zero-day vulnerabilities, exploits or a combination of techniques.
Credit: Tech in Asia
The malware that Kaspersky investigated relied on users installing the malicious app on their phones themselves. A phishing email was sent out to various Tibetan and Uyghur dissidents with the malware attached, posing as a summary of the recent World Uyghur Congress.
The sophistication of Chinese hackers, government-backed or not, is undeniable. In February, security firm Mandiant claimed that a PLA-run cyber warfare team was operating out of an office block in downtown Shanghai.