New Android Malware Targets Tibetan Activists
Citizen Lab researchers report that security solutions from Avast, Lookout and Kaspersky all failed to detect the app as malicious.
According to Citizen Lab researchers, a compromised version of the KakaoTalk Android mobile messaging client was recently delivered in a highly targeted e-mail to a prominent Tibetan political figure (h/t TechHive).
"Members of the Tibetan community have used KakaoTalk and other applications as alternatives to WeChat (a chat client rapidly rising in popularity) after concerns were raised regarding that application’s general security and the potential for Tencent (the Chinese company that provides the application) to monitor users at the behest of the Chinese government," the researchers note.
The e-mail contained an attached .APK file that delivered a modified version of the legitimate KakaoTalk app, which requested additional permissions while preserving the app's core functionality and user interface. The additional permissions were designed to allow the app to upload the user's contacts, call history, SMS messages and network configuration to a remote server.
Strikingly, the researchers note, the malware also responds to specially coded SMS messages by providing the base station ID, tower ID, mobile network code and mobile area code of the infected device. "This information is only useful to actors with access to the cellular communications provider and its technical infrastructure, such as large businesses and government," the researchers write.