A spear-phishing attack serving malware over Android has been detected, the first of its kind according to Kaspersky Lab.
The Android trojan app was sent via email to Uyghur activists and advocates using a hijacked email account belonging to a high-profile Tibetan activist.
Costin Raiu, Kurt Baumgartner and Denis Maslennikov said in a blog post that it indicated a new style of attack that exploited trusted relationships.
“It is perhaps the first in a new wave of targeted attacks aimed at Android users,” the researchers said.
"So far, the attackers relied entirely on social engineering to infect the targets. History has shown us that, in time, these attacks will use zero-day vulnerabilities, exploits or a combination of techniques."
In a style typical of such activist attacks, executing the attachment dropped both a legitimate file -- a letter -- and a backdoor which confirms the infection to a command-and-control (C&C) server.
The infected box would then send out data including phone and SIM contacts; call logs; SMS messages; geolocation data; and phone data such as the phone number, OS version, device model, and SDK version.
Most attacks against Uyghurs target Windows machines through Word documents exploiting known vulnerabilities (CVE-2012-0158, CVE-2010-3333, CVE-2009-3129).