As much as we would rather not report on yet another Android malware scare (we think security issues are overblown and that any platform is vulnerable, anyway), this one seems to be a first in the Android ecosystem. Security researchers have discovered what may be the first targeted Android malware attack: a smartly crafted social engineering attack aimed specifically at a Tibetan activist, intended to spread through the target’s contacts and thereby gain access to their devices and information.
According to Russian security company Kaspersky Labs, hackers broke into the victim’s email account and distributed Android malware to this person’s contact list. The malware did the following:
According to Kaspersky, the server is located at a Los Angeles-based data center, and the box actually hosts other Android malware. The server hosts a web-based interface that gives hackers remote-control access to their “slave” smartphones. The fact that the UI is in Chinese is probably indicative of the source of the attacks. The server’s IP address is actually registered to a Chinese company in Beijing.
Cyber-warfare is deemed to be the next frontier in warfare, which is why even the US government is beefing up its security assets. This even includes hiring talented hackers straight out of school, in the hope of improving both offensive and defensive capabilities. Meanwhile, restrictive regimes are likely to want to keep tabs on their supposed “enemies of the state.” And because smartphones usually hold potentially incriminating contact lists, messages and even location data, a targeted attack of this kind is all the more effective.
True enough, Android malware won’t eat your children, but this doesn’t mean you can be carefree or careless with the apps you install. This goes especially if you know you have enemies (online or otherwise) and you have information to protect.