Tibetan and Uyghur activists are once again targeted with a new malware, specially designed for Android devices. This is the first documented attack that targets Android smartphones.
Security researchers at Kaspersky say they've found a targeted malware attack on Android phones that seems to come from China. The attack relied heavily on social engineering, a kind of verbal manipulation, to hack into their targets’ devices.
Malware seeks to steal information like contacts, call logs, and SMS of people who work in the field of human rights. Kaspersky has identified the Trojan as "Chuli," after a command function that shows up prior to posting stolen data to the command-and-control server at the URL: hxxp://18.104.22.168/*victims's_cell_phone_number*/process.php.
On March 24, the attackers infiltrated the email account of a high-profile Tibetan activist, and used that account to send a spear-phishing email to their contacts list. Once the victim opens the attachment on her Android phone, the file installs an application called "conference" that will display some information about the Geneva conference.
As the target is reading the message, malicious software they had inadvertently installed would report back to a command-and-control server, before collecting information from the phone.
Kaspersky also had a warning for future evolution in attack strategy: “So far, attackers relied entirely on social engineering to infect the targets. History has shown us that, in time, these attacks will use zero-day vulnerabilities, exploits or a combination of techniques.”