While this blog is in no way intended to be political, it does reflect my thoughts and concerns… In light of my academic interests, and also following on from the last post about the invasion of privacy, I thought I would bring this to your attention:
Researchers at Kaspersky Lab are reporting that Tibetan activists are being hit by a highly targeted form of Android malware that seeks to record their contacts, call logs, SMS messages, geolocation, and phone data.
The malware, dubbed Backdoor.AndroidOS.Chuli.a by the researchers, launches what appears to be a standard Android app that apparently contains a message from “Dolkun lsa, chairman of the executive committee of the Word [sic] Uyghur Congress.” However, the app also installs a bugging program that’s controlled by SMS.
When the correct control message comes in via SMS, the malware sends the information, encoded in Base64, to a command and control (C&C) server running Windows Server 2003 and configured in Chinese. The commands to control the code contain Chinese characters, and the C&C servers are located in Los Angeles, but the commands travel via a domain registered to a Chinese firm.
“The current attack took advantage of the compromise of a high-profile Tibetan activist. It is perhaps the first in a new wave of targeted attacks aimed at Android users,” said the Kaspersky Lab research team. More can be found on The Register.