A few days ago, the email account of a high-profile Tibetan activist was hacked and used to send targeted attacks to human rights advocates and other activists. The notable part is that the mail that came to us carried an attachment: an .APK file, the package format used on Android.
It was on 24th March that the high-profile Tibetan activist was hacked and the account was used to send phishing emails to their contact list. The image below shows what that email looks like:
The example above shows the APK malware. The image below shows how Windows users are being hit:
Going back to the Android Package (APK) file attached to the e-mail: it pushes an Android application named “WUC’s Conference.apk”.
This malicious APK is a 334326-byte file, MD5: 0b8806b38b52bebfe39ff585639e2ea2, and is detected by Kaspersky Lab products as “Backdoor.AndroidOS.Chuli.a”.
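A mail triage check for the attachment described above, as an added example that is not part of the original post: it flags attachments that are APKs by file name or by content (an APK is a ZIP archive containing `AndroidManifest.xml` and `classes.dex`, so a renamed file is still caught) and compares each one with the size and MD5 given on this page. The function names are hypothetical and the sample message is a constructed, harmless ZIP.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicator values as stated on this page for "WUC's Conference.apk".
IOC_MD5 = "0b8806b38b52bebfe39ff585639e2ea2"
IOC_SIZE = 334326

def looks_like_apk(data: bytes) -> bool:
    """True if data is a ZIP holding the two entries every APK carries."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return False
    return {"AndroidManifest.xml", "classes.dex"} <= names

def triage_message(raw: bytes) -> list:
    """Return one finding per attachment that is an APK by name or content."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        by_content = looks_like_apk(data)
        if name.lower().endswith(".apk") or by_content:
            md5 = hashlib.md5(data).hexdigest()
            findings.append({
                "filename": name, "size": len(data), "md5": md5,
                "apk_by_content": by_content,
                "ioc_match": len(data) == IOC_SIZE and md5 == IOC_MD5,
            })
    return findings

def build_sample(filename: str) -> bytes:
    """Constructed message: a harmless ZIP with APK-style entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder")
        zf.writestr("classes.dex", b"constructed placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Conference agenda (constructed sample)"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

A finding with `ioc_match` set to false still deserves review: an APK arriving by e-mail is unusual on its own, and a repackaged sample would have a different hash.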
How it looks while it is being installed on an Android device:
When you open it, you will see upcoming events like this:
After the installation, an application named “Conference” appears on the desktop:
What this Android malware can steal:
- Contacts (stored both on the phone and the SIM card).
- Call logs.
- SMS messages.
- Phone data (phone number, OS version, phone model, SDK version).
Every day, there are hundreds if not thousands of targeted attacks against Tibetan and Uyghur supporters. The vast majority of these target Windows machines through Word documents exploiting known vulnerabilities such as CVE-2012-0158, CVE-2010-3333 and CVE-2009-3129.