Chinese Government Hackers Spreading Android Malware: Report

Citizen Lab, a group of information security researchers at the Munk School of Global Affairs at the University of Toronto has revealed a report that further strengthens the belief.

It is widely believed on the basis of some new researches that Chinese government hackers see every computer in the world as a potential threat. So it comes as no surprise that even smartphones are at the core of these state-sponsored hackers’ targets.

Citizen Lab, a group of information security researchers at the Munk School of Global Affairs at the University of Toronto has revealed a report that further strengthens the belief. According to Forbes, the report shows that Tibetan activists are being targeted with sophisticated malware designed to infect Android phones, allowing the malware’s operator to steal the user’s contacts and messages, and track his or her location.

Citizen Lab is not the only agency, even Kaspersky Labs had cites an example a few weeks back. However, what makes this finding new is the fact that researchers figured out a new glitch: To pinpoint a target’s location, data retrieved by the malware is designed to be combined with cell tower data from a telecommunications company. Ron Deibert, director, Citizen Lab says it is a strong hint and indicates that the malware was written not by unaffiliated hackers, but by the Chinese government. It is known that the government has close ties with the country’s phone carriers, reported Forbes.

Deibert further added, “We don’t have a smoking gun that this is the Chinese government. But let’s face it. When you add it all up, there’s really only one kind of organization for whom this information is useful. And we know that the Chinese have a very strong interest in tracking Tibetans, so it’s a strong set of circumstantial evidence.”

One of the contacts, a Tibetan activist, was observed to be sent a tweaked version of Kakao Talk, which is a mobile messaging app for Android. It was sent via an e-mail that appeared to be coming from an authentic contact. “The app was designed to periodically bundle the user’s contacts and text message history in a file called “info.txt” that was sent to a remote server masquerading as Baidu, the most popular Chinese search engine. And when the malware’s operator sent a certain code to the infected phone via text message, it was designed to hide that message and invisibly respond with information related to the mobile network and cell tower to which the user was connecting, data that could be combined with a database of cell tower locations maintained by a cellular carrier to pinpoint a phone’s location,” Verge reported. 

http://efytimes.com