Android Trojan Found in Targeted Attack
In the past, we’ve seen targeted attacks against Tibetan and Uyghur activists on Windows and Mac OS X platforms. We’ve documented several interesting attacks (A Gift for Dalai Lamas Birthday and Cyber Attacks Against Uyghur Mac OS X Users Intensify) which used ZIP files as well as DOC, XLS and PDF documents rigged with exploits.
Several days ago, the e-mail account of a high-profile Tibetan activist was hacked and used to send targeted attacks to other activists and human rights advocates. Perhaps the most interesting part is that the attack e-mails had an APK attachment – a malicious program for Android.
On March 24th, 2013, the e-mail account of a high-profile Tibetan activist was hacked and used to send spear phishing e-mails to their contact list. This is what the spear phishing e-mail looked like:
With regard to the message text above, multiple activist groups have recently organized a human rights conference event in Geneva. We’ve noticed an increase in the number of attacks using this event as a lure. Here’s another example of such an attack hitting Windows users:
Going back to the Android Package (APK) file that was attached to the e-mail, it pushes an Android application named “WUC’s Conference.apk”.
This malicious APK is a 334326-byte file, MD5: 0b8806b38b52bebfe39ff585639e2ea2, and is detected by Kaspersky Lab products as “Backdoor.AndroidOS.Chuli.a”.
After the installation, an application named “Conference” appears on the desktop:
If the victim launches this app, he will see text which “enlightens” him about the upcoming event: