Android malware now being used to target political activists

by: J. Angelo Racoma, March 28, 2013
Image credit: Wikinotica

As much as we would rather not report on yet another Android malware scare (we think security issues are overblown and that any platform is vulnerable, anyway), this one seems to be a first in the Android ecosystem. Security researchers have discovered what may be the first targeted Android malware attack, which is basically a smartly-crafted social engineering attack that specifically targeted a Tibetan activist, with the intent of spreading itself through the target’s contacts, thereby gaining access to their devices and information.

According to Russian security company Kaspersky Labs, hackers broke into the victim’s email account and distributed Android malware to this person’s contact list. The malware did the following:

  • The lure was a supposed statement on a recent conference organized by the World Uyghur Congress (WUC), which brought together democracy and human-rights activists from Tibet, Southern Mongolia and East Turkestan.
  • The attachment was supposedly a letter from related organizations — something that should pique the interest of any human-rights activist wanting to further their cause.
  • The file is actually an Android APK that installs itself as an app called “Conference.” When opened, the app actually presents a fake message supposedly from the WUC chairman.
  • The payload, however, is actually a backdoor that reports to the attackers' server and can be controlled via SMS. This way the phone can be controlled even without a data connection (or the backdoor may perhaps activate one).
  • The app sends back a message to the hackers’ servers reporting a successful installation. The app then sends the user’s contact list, SMS messages, call logs, geo-location data, basically all relevant data that a spy would want.
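
As an added illustration of the capability set described in the list above (this is not code from the article or from Kaspersky), the following Python triages an APK's AndroidManifest.xml and flags the pairing of bulk data-read permissions with an SMS-receive control channel; the permission grouping, thresholds and sample manifest are constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capability groups mirroring what the article says the app collects and how it
# is controlled; the grouping is this example's own, not a Kaspersky signature.
EXFIL_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.ACCESS_FINE_LOCATION": "geo-location",
}
CONTROL_PERMISSIONS = {
    "android.permission.RECEIVE_SMS": "SMS command channel",
    "android.permission.SEND_SMS": "SMS beacon",
    "android.permission.INTERNET": "network beacon",
}

def manifest_permissions(manifest_xml: str) -> set:
    """Return the permission names declared by <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")
            if el.get(ANDROID_NS + "name")}

def triage(manifest_xml: str) -> dict:
    """Flag a manifest pairing bulk data access with an SMS-driven control channel."""
    perms = manifest_permissions(manifest_xml)
    exfil = sorted(v for k, v in EXFIL_PERMISSIONS.items() if k in perms)
    control = sorted(v for k, v in CONTROL_PERMISSIONS.items() if k in perms)
    # Suspicious only when two or more data sources are readable, the app can
    # receive SMS (the command path described above) and can report back.
    suspicious = (len(exfil) >= 2 and len(control) >= 2
                  and "android.permission.RECEIVE_SMS" in perms)
    return {"exfil": exfil, "control": control, "suspicious": suspicious}

# Constructed sample manifest resembling the described "Conference" app (not the real one).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.conference">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
```

Running `triage(SAMPLE_MANIFEST)` returns the matched data sources and control channels with `suspicious` set, while a manifest requesting only INTERNET is not flagged.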

According to Kaspersky, the server is located at a Los Angeles-based data center, and the box actually hosts other Android malware. The server hosts a web-based interface that gives hackers remote-control access to their “slave” smartphones. The fact that the UI is in Chinese is probably indicative of the source of the attacks. The server’s IP address is actually registered to a Chinese company in Beijing.

Cyber-warfare is deemed to be the next frontier in warfare, which is why even the US government is actually beefing up its security assets. This even includes hiring talented hackers straight out of school, in the hope of improving both offensive and defensive capabilities. Meanwhile, restrictive regimes are likely to want to keep tabs on their supposed “enemies of the state.” And because data contained in smartphones will usually contain potentially incriminating contact lists, messages and even location data, this makes the targeted attack all the more effective.

True enough, Android malware won’t eat your children, but this doesn’t mean you can go ahead and be carefree or careless with the apps you install. This especially goes if you know you have enemies (online or otherwise), and you have information to protect.

  • Tashi

    This is not the first time and won't be the last either by the CCP to do something like this. China will never become a respected super power nation due to poor behavior. Chinese govt. think they are smart, they don’t realize how stupid it makes them look doing these things. The communist party will come to an end for sure.

    • Irrelevant

      Like it’s only China’s communist party doing this?

  • zcat

    So in order to be affected by this, the victims would have had to

    1) Allow third party apps, ignoring a warning that this could expose them to malware.

    2) Click on a file in email that had an APK extension, ignoring another warning that this could expose them to malware.

    3) Ignore a request for permissions from a suspicious untrusted app that wanted access to the user’s contact list, existing SMS messages, call logs, geo-location data, internet access and permission to send SMS even though there should have been no reason for it to need any of these permissions?

    Yeah, obviously viruses are a huge problem in the Android environment.