Android Phones Now Subject To Targeted Malware Attacks
The key to getting the attack off the ground was gaining access to the email of a well-known activist and then using that account to send malware-loaded emails to other activists. Once the attachment was opened on an Android phone, the Trojan would gather contacts and other data and send it to a server in Los Angeles. According to Forbes, the attachment was called “WUC’s Conference.apk,” and was likely meant to make activists think it was a friendly attachment related to the World Uyghur Congress (WUC). This sort of social engineering is effective because it uses the credibility of an organization to give recipients as sense of security.
It’s disconcerting to see targeted malware showing up on Android phones, and avoiding these types of attacks can be tricky: if the email comes from a friendly organization, it’s tempting to trust the email and open the attachment. Unless you take a scorched-earth approach to email attachments, consider yourself warned. And keep in mind, Tibetan activists aren't the only ones vulnerable to Android malware.