SCF Portal Stats

Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42951
  • Total Topics: 16150
  • Online Today: 4549
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

« previous next »
Pages: [1]

Author Topic: Targeted Attacks the Next Step in Mobile Malware  (Read 1948 times)

0 Members and 2 Guests are viewing this topic.

Pez

  • SCF VIP Member
  • *****
  • Posts: 776
  • KARMA: 117
  • Gender: Male
  • Pez
Targeted Attacks the Next Step in Mobile Malware
« on: 02. April 2013., 09:23:39 »
Targeted Attacks the Next Step in Mobile Malware

The Android threat landscape continues to evolve in 2013. To distribute Android threats, malware authors are transitioning away from attacking traditional vectors like the Google Play Market and third-party Android markets to vectors like spam and phishing emails and SMS.

Recently a new information-stealing Android malware was found being distributed as an attachment in emails as part of a targeted attack against Uyghur, Mongolian, Tibetan, and Chinese activists. The social-engineering attack was carried out through email consisting of an invitation to the “World Uyghur Congress” (WUC) and an attachment pretending to be a letter on behalf of WUC, the Unrepresented Nations and Peoples Organization, and the Society for Threatened Peoples. In reality the file was the Android application “WUC’s Conference.” After downloading, the application asks for the following suspicious permissions:



Once the permissions were accepted and the application was installed on the device, the malware shows the following text related to the fake conference in Geneva:



At the same time, a service starts in the background without the user’s consent:



The service registers the infected device at the malware’s control server to start collecting the following sensitive information:

• Phone contacts (name and phone number)

• Call records (number, name, date, and duration)

• SIM contacts (name and phone number)

• SMS messages (address, body, and date)

• Geo-location (longitude and latitude)

• Device information (phone model, SDK version, OS version, and version release)

This information is later encoded and sent to the control server:



The malware also registers a receiver in the system that permanently checks incoming SMS messages for one of the following commands: SMS, contact, location, or other (call records) in order to resend the requested information. Another variant with the same payload was found stored on the control server with the name “Document.apk,” but this time the malware shows text in Chinese that talks about disputed islands between China and Japan:



McAfee Mobile Security detects both variants of this threat as Android/Chuli.A and alerts mobile users if it is present on their devices, while protecting them from any data loss. Click here for more information about McAfee Mobile Security.


Orginal article: Thursday, March 28, 2013 at 2:19pm by Carlos Castillo
Logged
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

Samker's Computer Forum - SCforum.info

Targeted Attacks the Next Step in Mobile Malware
« on: 02. April 2013., 09:23:39 »
Pages: [1]
« previous next »
 

+ Quick Reply

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:
Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising