Tibetan and Uyghur activists are once again targeted with a new malware,
specially designed for Android devices. This is the first documented
attack that targets Android smartphones. A targeted malware attack on Android phones that seems to come from a
China IP Address. The attack relied heavily on social engineering, a kind of verbal
manipulation, to hack into their targets’ devices.
Malware seeks to steal information like contacts, call logs, and SMS of people who work in the field of human rights. A command function that shows up prior to posting stolen data to the
command-and-control server at the URL:
hxxp://64.78.161.133/*victims's_cell_phone_number*/process.php.
On March 24, the attackers infiltrated the email account of a
high-profile Tibetan activist, and used that account to send a
spear-phishing email to their contacts list. Once the victim opens the
attachment on her Android phone, the file installs an application called
"conference" that will display some information about the Geneva conference. The target is reading the message, malicious software they had
inadvertently installed would report back to a command-and-control
server, before collecting information from the phone.
Are Researcher say "The attackers relied entirely on social engineering to infect the
targets. History has shown us that, in time, these attacks will use
zero-day vulnerabilities, exploits or a combination of techniques."
No comments:
Post a Comment