x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Targeted malware attack on Android devices steals contacts, text messages

Targeted malware attack on Android devices steals contacts, text messages

Posted: , by Maxwell R.

Tags:

Targeted malware attack on Android devices steals contacts, text messages
We hear about malware on Android devices on a regular basis. Late last year, PhoneArena.com went in-depth covering the perceived myths and realities of the threat of malware on Android devices.

This time however, Kaspersky Labs believes it has uncovered the first known targeted malware attack on the Android platform. In this case, the targeted victims were Tibetan activists, but now we can see how such an attack might play out again.

Like many virus and malware attacks, this one started with an email that used social engineering and verbal manipulation. The hackers were able to access a high-profile Tibetan activist’s email and use that to send out the infected message to everyone in the contact list. Rather than being a poorly worded email promising riches from an abandoned bank account in North Africa, the message was carefully worded and designed to evoke action by the reader, in this case, a reference to an attached file with an ".apk" extension.

APK is an Android Package file and once the user opened it, an application called “Conference” would install itself on the device. The user would open the app and see a less carefully worded message which would serve as a distraction while the malware would scour contacts on the device and SIM card, copy call logs, SMS messages, geo-location, and other data about the device.

As the targets were Tibetan activists, it does not take a giant leap to think that the hackers involved were from China. Kaspersky believes attacks like this will evolve and adapt to take advantage of future vulnerabilities.

In the meantime, the same no-nonsense rules apply to email and attachments. If you do not recognize the file extension or the message is unexpected, use a bit of scrutiny before blindly clicking on a link or attachment.

source: Forbes


23 Comments
  • Options
    Close




posted on 29 Mar 2013, 03:00

1. haseebzahid (Posts: 1797; Member since: 22 Feb 2012)


hahaa typical malwares

posted on 29 Mar 2013, 03:32 6

2. anywherehome (Posts: 971; Member since: 13 Dec 2011)


you call malware a typical app installed by user after approval of contacts or sms access? Than every app must be malware according to this logic :)
I think this is more dangerous:
"40% of iOS popular apps invade your privacy without any permission"
"Apple iOS Apps Leak More Personal Info Than Android"
"Apple lets kids easily spend parents' money, beware = easy to abuse your iDevices; very probably intention of Apple to spend your money by mistake"

we, Androids, know what we install, with iConboard you simply don't know anything :)
so logic says me that we dont need any anti-malware when we approve any app...if you dont want malware, dont install it, its called freedom :)

posted on 29 Mar 2013, 08:00 2

10. terabyteRouser (Posts: 412; Member since: 18 Oct 2011)


unfortunately, you are a little naive

posted on 30 Mar 2013, 06:43 1

16. anywherehome (Posts: 971; Member since: 13 Dec 2011)


Everything I wrote is a fact, deal with that ;-)

posted on 30 Mar 2013, 13:24

18. xtremesv (Posts: 188; Member since: 21 Oct 2011)


I support you. The naive people are the ones that trust everything they see posted on the internet. People should be more cautious and inform themselves. However this attack was not a simple 12-year-old wanting to steal a credit card number but a well-orchestrated plan with a specific agenda.

posted on 31 Mar 2013, 03:04

20. anywherehome (Posts: 971; Member since: 13 Dec 2011)


So I'm naive because I've just been given refund for app I didn't like and didn't accepted a new permission they required because of its new update? Now you can see that you are 12 years old boy ;-)
This is called freedom and responsibility..... With iOS you have no freedom and you are a limited kid for Apple..... what's worse you are not safer with stealing iOS apps ;-)

posted on 31 Mar 2013, 11:59

22. xtremesv (Posts: 188; Member since: 21 Oct 2011)


Hahaha, the one I was supporting was your statement dude, please read and understand first before reacting to a comment.

posted on 31 Mar 2013, 13:32

23. anywherehome (Posts: 971; Member since: 13 Dec 2011)


OK sorry, isn't clear if you mean me as naive to trust to my sources :-)

posted on 29 Mar 2013, 11:58

14. haseebzahid (Posts: 1797; Member since: 22 Feb 2012)


doesnt change the condition of Android either if u pointing apples one both sucks at malware thingie but both sucks at this

and reason is they are used by masses so its good hunting ground for hackers

posted on 31 Mar 2013, 03:07

21. anywherehome (Posts: 971; Member since: 13 Dec 2011)


With android is almost perfect, when you don't accept permission an app requires don't install unlike limited iConboard :-)
It's called freedom and in freedom you have to behave responsibly unlike kids with iConboards :-)

posted on 29 Mar 2013, 03:40

3. RaKithAPeiRiZ (Posts: 1296; Member since: 29 Dec 2011)


i had no idea that Tibetan monks use androids

posted on 29 Mar 2013, 03:51 2

4. jose.vu (Posts: 16; Member since: 28 Mar 2013)


"the targeted victims are Tibetan activists" ---> then it's easy to see this is an act of the f**king communist party from China ... they will sure later deny and say ppl made this up to make China look bad ...

posted on 29 Mar 2013, 03:59 5

5. boosook (Posts: 889; Member since: 19 Nov 2012)


Android does not allow the installation of apps not downloaded from the market unless you specifically enable it, and if you enable it Android would ask for a confirmation with a dialog box anyway. Besides, if you allowed downloaded apps installation, you would surely know that you don't have to install an apk you received in an email from an unknown source.
And anyway you would be notified of the permissions required by the app.
So I don't see a real security threat here, wether you're a beginner or an advanced user.
Anyway, it's a measure of Android's popularity, though it is a poor attempt. :)

posted on 29 Mar 2013, 04:05 5

6. Nkolsen (Posts: 24; Member since: 28 Mar 2013)


Sorry, but it They take this bait, its their own fault. NEVER AND I MEAN NEVER install 3rd party apk's....

posted on 29 Mar 2013, 04:35 1

8. TheMan (Posts: 369; Member since: 21 Sep 2012)


Especially if it's from Facebook!

http://www.phonearena.com/news/Facebook-sends-out-invites-to-its-new-home-on-Android-for-April-4th_id41321

posted on 29 Mar 2013, 04:26 3

7. rusticguy (Posts: 2813; Member since: 11 Aug 2012)


Only a fool would act on such spam mails and a still bigger fool would open the attachment in a mail from unknown source.

posted on 29 Mar 2013, 07:11 6

9. Aeires (unregistered)


Who in their right mind installs apk files from junk mail? If you get this malware it's completely your fault for doing stupid things.

posted on 29 Mar 2013, 08:12 1

11. xperiaDROID (Posts: 5042; Member since: 08 Mar 2013)


Malware.....malware.....blah blahblah. The person who invented the malware should go to jail.

posted on 29 Mar 2013, 13:41

15. rusticguy (Posts: 2813; Member since: 11 Aug 2012)


M$ started it as an internal project long long back.... others then picked it up.

posted on 30 Mar 2013, 11:55

17. xperiaDROID (Posts: 5042; Member since: 08 Mar 2013)


Are you sure about that? I don't want to blame Microsoft again.

posted on 29 Mar 2013, 09:32

12. gmracer1 (Posts: 646; Member since: 28 Dec 2012)


aaaaaahahahaha nice try on this one! BAAAAHAHAHAAAAAAA

posted on 29 Mar 2013, 11:27

13. networkdood (Posts: 6244; Member since: 31 Mar 2010)


Again, you had to allow this to happen on your phone...stupid is as stupid does....right Forest?

posted on 30 Mar 2013, 19:15

19. zekes (Posts: 205; Member since: 14 Aug 2012)


its not about apple lmao

Want to comment? Please login or register.

Latest stories