Slashdot Mirror


Targeted Attack Campaign Uses Android Malware

Trailrunner7 writes "Android attacks have become all the rage in the last year or two, and targeted attacks against political activists in Tibet, Iran and other countries have been bubbling up to the surface more and more often. Now, those two trends have converged with the discovery of a targeted attack campaign that's going after Tibetan and Uyghur activists with a spear-phishing message containing a malicious APK file. Researchers say the attack appears to be coming from Chinese sources. The new campaign began a few days ago when unknown attackers were able to compromise the email account of a well-known Tibetan activist. The attackers then used that account to begin sending a series of spear-phishing messages to other activists in the victim's contact list. One of the messages referred to a human rights conference in Geneva in March, using the recipients' legitimate interest in the conference as bait to get them to open the attachment. The malicious attachment in the emails is named 'WUC's Conference.apk.'"

  1. Harvests info by Dan East · · Score: 3, Insightful

    The Android App harvests information (contacts, SMS messages, location, SIM data) and reports it back only when ordered to by the reception of a SMS message command. The location is particularly troubling because they can just keep pinging the phone to track the individual in real-time, then who knows what could happen next.

    --
    Better known as 318230.
    1. Re:Harvests info by interkin3tic · · Score: 2

      So you're saying this isn't a "malware" problem so much as it is a "Chinese government hacking dissidents' phones to try to find other people to throw in jail for political speech."

    2. Re:Harvests info by interkin3tic · · Score: 3, Insightful

      What's your point? I can't criticize one government for something if the government where I live does anything similar?

      Or are you pushing a straw man argument here, that I was suggesting the US government didn't do anything like that?

      Honestly, fuck off. Bad government is bad government, no matter if my government is the same or worse.

  2. Re:Lol by erroneus · · Score: 4, Insightful

    No apologies here. If someone is stupid enough to install a program they receive in email and they weren't expecting one? C'mon!

    I'd still rather be able to choose what I want to install than to have the maker and/or seller of the device make those decisions for me.

  3. Re:Superior Unix Architecture? by schitso · · Score: 5, Insightful

    Regardless of the system, an incompetent privileged user is always going to be a vulnerability.

  4. Re:Just use a custom hosts file that blocks malwar by larry bagina · · Score: 3, Funny

    Wrong APK :)

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

  5. Re:Targeted Phone Attacks by cavreader · · Score: 3, Interesting

    Before cellular phones existed the Israelis targeted one of the people responsible for the Munich Olympic killings using a good ole fashion public phone. Technology marches on but usually the end result remains basically the same.

  6. Re:Lol by tlhIngan · · Score: 4, Insightful

    If someone is stupid enough to install a program they receive in email and they weren't expecting one? C'mon!

    It's called spear phishing. Where instead of blasting a million messages to everyone at random, you send a very plausible message to someone who ought to know the sender.

    Basically, what happened here is someone hacked an activist's email account, and used it to send a plausible looking message to their contacts, like say, something about an upcoming human rights conference. The recipient sees it's from someone they trust and the message is appropriate to their relationship (i.e., it came from a human rights activist and is about a human rights conference).

    Yes, you probably should not be clicking links from anyone, even those of your trusted friends and relatives, but for most people, they believe it's authentic. Hell, the RSA hack happened the same way - a faked email coming from the hiring company RSA uses went to the HR coordinator claiming to be a list of new hires.

  7. Re:Dealing with incompetent device owner by LDAPMAN · · Score: 2

    Exactly right! That is the solution. To be able to do what you like you need $99/yr and enough knowledge to run Xcode. I think it's a pretty good solution.

  8. Re:Dealing with incompetent device owner by schitso · · Score: 2

    Er, no? How about take away the privilege by default, and require that the user enable the ability to install potentially insecure apps? Those of us who are responsible with our devices shouldn't have to pay the maker of our preferred OS to toggle a setting.

  9. Re:Dealing with incompetent device owner by Nerdfest · · Score: 3, Informative

    ... yeah, don't you need to buy a Mac as well? I think a check box in the settings works perfectly fine.

  10. Re:Lol by elashish14 · · Score: 3, Informative

    It's still no excuse. YOU DO NOT OPEN ATTACHMENTS THAT YOU ARE NOT EXPECTING. It doesn't matter who the source is. Anyone could get hacked. Even if the source is someone you trust, but the message seems out of the blue and not something you expect, you get back in touch with them and ask if they sent it. Just because the message seems authentic doesn't mean that it is. It's still your fault as the user for trusting something that you shouldn't.

    --
    I have left slashdot and am now on Soylent News. FUCK YOU DICE.
  11. Re:Lol by noh8rz10 · · Score: 2

    that's fine, just don't text/email/call me from your android, so i can be sure I'm safe.