Being a Uyghur activist or a Tibetan activist , you should exercise care when you open your next email because it may contain a mail which may though carry the title of human right conference, but it may well end up injecting Trojan virus into your smartphone hacking tons of information that you carry in them.

Kaspersky lab through their team of researchers has managed to unfold a new malware which has been specifically designed to target Uyghur and Tibetan activists which are using Android phones to open their emails. It is basically a Trojan Virus which is really malicious for Android phones and is sent an email which has the title of world Uyghur conference related to human right activists coming from China, Tibet, Mongolia and Turkestan.

Android Trojan Virus Attack on Tibetan Activists

Kaspersky has also said that this attack is the first one which has been specifically designed from Android phones because the ones which were launched previously were for Mac and windows computers though they were against the same groups.

A senior official of the research time at Kaspersky lab, Mr. Baumgartner exclaimed in an interview that this Trojan virus is the first one which has been launched to Target Android phones through a public documentation. Attacks have been devised in the past and the Android malware is also not a new one, but it is the first instance of a targeted attack which has been publicly documented.

The file which is being used in the attack is Android application package (.apk) and is used to install and distribute various applications on the operating systems of Google’s mobiles. One of the Tibetan activists on 24th March received such a file which invited him to open the attachment which titled being a letter from the officials of the organization of human rights.

After the application starts, a virus penetrates into the command and control server which is though situated in Los Angeles but is registered with a company that is located in Beijing. The app signals to the server that the virus has penetrated into the phone and then it functions to hack data from the cell phone such as SMS, contacts etc.

Mr. Baumgartner also told us that the malware after infection does not starts to steal data on an immediate note and gives time to the process so that more data is stored on the phone and then the hackers can get the information which may be stored by the users after a specific time or a specific meeting which he/she is about to attend.

The malware which is still believed by Kaspersky lab as some prototype may have been devised by Chinese hackers because it contains some words in The Chinese language along with the words in Tibetan.

Mr. Baumgartner added that though the reason or cause behind the virus may be cyber espionage but whether the hackers have been sponsored by some state is still to be seen. The technical and the social engineering strategy of the malware have both been on a sound note because the malware used the account of a Tibetan activist to attack some Uyghur activist. This is something which has been previously used as war strategies where trusts and confidence between groups were exploited for different purposes.

So, Android users for now should prevent the opening of APK files which are attached to some email unless and until the source is a truly trusted one.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.