New Android Malware Targets Tibetan Activists

According to Citizen Lab researchers, a compromised version of the KakaoTalk Android mobile messaging client was recently delivered in a highly targeted e-mail to a prominent Tibetan political figure (h/t TechHive).

"Members of the Tibetan community have used KakaoTalk and other applications as alternatives to WeChat (a chat client rapidly rising in popularity) after concerns were raised regarding that application’s general security and the potential for Tencent (the Chinese company that provides the application) to monitor users at the behest of the Chinese government," the researchers note.

The e-mail contained an attached .APK file that delivered a modified version of the legitimate KakaoTalk app, which requested additional permissions while preserving the app's core functionality and user interface. The additional permissions were designed to allow the app to upload the user's contacts, call history, SMS messages and network configuration to a remote server.
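A defender's check for the repackaging described above, as an added example that is not from the Citizen Lab report: it diffs the permissions declared in a sideloaded build's decoded AndroidManifest.xml against those of the known-good release. The two manifests, the package name and the category mapping are constructed for illustration; the article does not list the exact permissions the malware requested.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names mapped to the data categories the article lists.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.RECEIVE_SMS": "SMS messages",
    "android.permission.ACCESS_WIFI_STATE": "network configuration",
    "android.permission.ACCESS_NETWORK_STATE": "network configuration",
}

# Constructed sample manifests (decoded text form, e.g. as produced by apktool).
BASELINE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

CANDIDATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

def declared_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def added_permissions(baseline_xml, candidate_xml):
    """Map each permission present only in the candidate to a data category."""
    extra = declared_permissions(candidate_xml) - declared_permissions(baseline_xml)
    return {p: SENSITIVE.get(p, "unclassified") for p in sorted(extra)}

if __name__ == "__main__":
    for perm, category in added_permissions(BASELINE, CANDIDATE).items():
        print(f"{perm}: {category}")
```

Permissions the legitimate build already holds (here, contacts) do not appear in the diff, so a repackaged app that only abuses existing permissions needs a different check.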

Strikingly, the researchers note, the malware also responds to specially coded SMS messages by providing the base station ID, tower ID, mobile network code and mobile area code of the infected device. "This information is only useful to actors with access to the cellular communications provider and its technical infrastructure, such as large businesses and government," the researchers write.

In testing conducted on February 6, 2013, and March 27, 2013, the researchers report, mobile anti-virus scanners from Avast, Lookout and Kaspersky all failed to detect the application as malicious.