According to Kaspersky researchers, a high profile Tibetan activist had his email account hacked on March 24th, 2013. Attackers used the hacked account to send spear phishing emails to the victim’s contact list that included a malicious Android Package (APK) attachment named “WUC’s Conference.apk”, which if installed, creates a malicious app called ‘Conference’ on the Android desktop.
If the victim launches the malicious app, the malware silently contacts a C&C server and starts to harvest data including includes contacts, call logs. SMS messages, geolocation and other phone data such as phone number, OS version, phone model, and SDK version.
While there have been previous indications that these types of attacks were in development, this attack is perhaps the first in a new wave of targeted attacks aimed at Android users, Kaspersky noted in a blog post. “So far, the attackers relied entirely on social engineering to infect the targets. History has shown us that, in time, these attacks will use zero-day vulnerabilities, exploits or a combination of techniques.”