The threat of malicious software is almost an assumed formality given the large number of threats on the internet today. Aimed at gathering sensitive data from target computers, these malicious software are thriving solely on the reluctance to correct them by users worldwide. Till recently, the threat of malicious software existed only on desktops and laptops. No well known malware existed which targeted smartphones exclusively. However, this is all about to change after security researchers at Kaspersky Labs claimed to have uncovered the first malware attack on an Android phone.
This recent announcement from Kaspersky Labs has sparked a debate on the safety of data in smartphones. Kaspersky Labs revealed that the victims of this attack were primarily Tibetans, but given the varying customer base of the Android it could have been anyone. The attacks as described by scientists from Kaspersky Labs seem to have relied heavily on social engineering and a type of verbal manipulation to hack their target devices.
The attack which took place on March 24th involved the hacking of an account of a high profile Tibetan activist, which was eventually used to send a smear-phishing email to the victim’s contact list. The phishing email used a logical approach to ensure that the receiver believes that the email was not spam. For example, using an attachment titled “WUC’s conference.apk” was smart given that several activist groups had recently organized a human rights conference in Geneva. This was branded as the ‘baiting’ tool by scientists at Kaspersky Labs.
Once the apk is downloaded by the user, it installed an app called “Conference” on the home screen. Opening the app will display a message and as the user continues to read the message, the app establishes contact with its servers and the user’s call logs, SMS messages, geo-location and data pertaining to the phone i.e. the phone number, version details etc. are transferred to the server. The perpetrators behind the attack are still unknown, though many believe that only the Chinese are capable of stooping so low. Given that this is the first on many attacks to come, it is time users realize the importance of software that protects against malware and employ the same to ensure that their personal data remains private.