Last updated on April 20, 2014 at 8:28 EDT

Kaspersky Lab Identifies First Targeted Attack Utilising Malware for Android Devices

March 26, 2013

ABINGDON, England, March 26, 2013 /PRNewswire/ –

First serious targeted attack on mobile devices staged by Chinese-speaking
authors - designed to steal contacts, messages and other information from mobile devices of
Uyghur activists

Kaspersky Lab [http://www.kaspersky.co.uk] has detected a new targeted attack against
Uyghur activists which, for the first time, is based on a malicious program for
Android-based mobile devices. The attack is designed and performed in a similar manner to
numerous other attacks on Uyghur and Tibetan activists, but instead of relying on
exploit-rigged DOC, XLS or PDF documents for Windows-based computers or Macs, it targets
mobile devices.

The Android malware used in the new attack steals private data from infected
smartphones, including the address book and messaging history, and sends it to a command
and control server. This attack is believed to be the first of this kind utilising fully
functional Android malware and specifically targeting mobile devices of potential victims.

The attack took place at the end of March 2013 and started with the hacking of an
email account belonging to a high-profile Tibetan activist. The attackers used this
account to send ‘spear-phishing’ emails to his contact list. The malicious messages
targeted Mongolian, Chinese, Tibetan and Uyghur political activists, and had attached an
.APK file containing a malicious program for Android devices. Investigation of this
malware performed by Kaspersky Lab’s experts revealed that it was most likely designed by
Chinese-speaking authors, judging by comments in the code and certain characteristics of
the command and control server.

Costin Raiu, Director, Global Research & Analysis Team, Kaspersky Lab, comments: “Until
now we have not seen targeted attacks against mobile devices in the wild, although there
were signs that attackers were interested and experimenting in this field. This particular
attack utilises a fully featured Trojan aimed at stealing private data from a targeted
group of victims. The attackers have so far used social engineering to trick the victims
into installing the app. However, we believe that in the future such attacks will exploit
vulnerabilities in mobile software, or a combination of techniques.”

Kaspersky Lab’s protection solutions for Android-based mobile devices – Kaspersky
Mobile Security [http://www.kaspersky.co.uk/mobile-security] and Kaspersky Tablet
Security [http://www.kaspersky.co.uk/tablet-security] – detect and block the malware used
in this targeted attack as Backdoor.AndroidOS.Chuli.a. The malware is also blocked by the
new corporate solution, Kaspersky Security for Mobile, available as part of the company’s
broad business security offering [http://www.kaspersky.co.uk/business-security].

A detailed report by Kaspersky Lab experts is available at Securelist.com.


About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection
solutions. The company is ranked among the world’s top four vendors of security solutions
for endpoint users*. Throughout its 15-year history Kaspersky Lab has remained an
innovator in IT security and provides effective digital security solutions for consumers,
SMBs and enterprises. The company currently operates in almost 200 countries and
territories across the globe, providing protection for over 300 million users worldwide.
Learn more at http://www.kaspersky.co.uk.

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue
by Vendor, 2011. The rating was published in the IDC report “Worldwide Endpoint Security
2012-2016 Forecast and 2011 Vendor Shares” (IDC #235930, July 2012). The report ranked
software vendors according to earnings from sales of endpoint security solutions in 2011.

(c) 2013 Kaspersky Lab. The information contained herein is subject to change without
notice. The only warranties for Kaspersky Lab products and services are set forth in the
express warranty statements accompanying such products and services. Nothing herein should
be construed as constituting an additional warranty. Kaspersky Lab shall not be liable for
technical or editorial errors or omissions contained herein.

Editorial contact:

        Berkeley PR                    Kaspersky Lab UK
        Ella Thompson                  Ruth Knowles
        kasperskylab@berkeleypr.co.uk  Ruth.Knowles@kasperskylab.co.uk
        Telephone: +44-(0)118-909-0909 Telephone: +44-(0)871-789-1633
        1650 Arlington Business Park   Milton Business Park
        RG7 4SA, Reading               OX14 4RY, Oxford

SOURCE Kaspersky Lab

Source: PR Newswire