This time, however, Kaspersky Labs believes it has uncovered the first known targeted malware attack on the Android platform. In this case, the targeted victims were Tibetan activists, but now we can see how such an attack might play out again.
Like many virus and malware attacks, this one started with an email that used social engineering and verbal manipulation. The hackers were able to access a high-profile Tibetan activist’s email account and use it to send the infected message to everyone in the contact list. Rather than being a poorly worded email promising riches from an abandoned bank account in North Africa, the message was carefully worded and designed to prompt the reader to act; in this case, it referred to an attached file with an ".apk" extension.
An APK is an Android Package file, and once the user opened it, an application called “Conference” would install itself on the device. The user would open the app and see a less carefully worded message, which served as a distraction while the malware scoured the contacts on the device and SIM card and copied call logs, SMS messages, geo-location, and other data about the device.
As the targets were Tibetan activists, it does not take a giant leap to think that the hackers involved were from China. Kaspersky believes attacks like this will evolve and adapt to take advantage of future vulnerabilities.
In the meantime, the same no-nonsense rules apply to email and attachments. If you do not recognize the file extension or the message is unexpected, use a bit of scrutiny before blindly clicking on a link or attachment.
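The attachment check described above can also be automated at the mail gateway. The following is an added example, not code from Kaspersky or from the original article: it flags attachments that are Android packages, whether they carry the ".apk" extension or are APK-shaped archives under another name. The function names, addresses and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Entries found at the top level of every APK (an APK is a ZIP archive).
APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}

def looks_like_apk(data: bytes) -> bool:
    """True if the bytes are a ZIP archive holding the standard APK entries."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return APK_MARKERS.issubset(zf.namelist())
    except zipfile.BadZipFile:
        return False

def flag_apk_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for each attachment that is an Android package."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        has_ext = name.lower().endswith(".apk")
        if looks_like_apk(payload):
            reason = "APK content" if has_ext else "APK content under another extension"
            findings.append((name, reason))
        elif has_ext:
            findings.append((name, ".apk extension"))
    return findings

def build_sample() -> bytes:
    """Constructed sample: one renamed APK-shaped archive and one harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"placeholder")
        zf.writestr("classes.dex", b"placeholder")
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "Conference details"
    msg.set_content("Please see the attached file.")
    for data, fname in ((buf.getvalue(), "agenda.zip"), (b"notes", "notes.txt")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in flag_apk_attachments(build_sample()):
        print(f"{name}: {reason}")
```

Inspecting the archive contents rather than the filename alone catches a package that has been renamed to get past an extension filter.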