Sunday, February 28, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp

September 25, 2019
in Internet Privacy
1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp
589
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

A team of Canadian cybersecurity researchers has uncovered a sophisticated and targeted mobile hacking campaign that is targeting high-profile members of various Tibetan groups with one-click exploits for iOS and Android devices.

Dubbed Poison Carp by University of Toronto’s Citizen Lab, the hacking group behind this campaign sent tailored malicious web links to its targets over WhatsApp, which, when opened, exploited web browser and privilege escalation vulnerabilities to install spyware on iOS and Android devices stealthily.

You might also like

Cisco Releases Security Patches for Critical Flaws Affecting its Products

Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

“Between November 2018 and May 2019, senior members of Tibetan groups received malicious links in individually tailored WhatsApp text exchanges with operators posing as NGO workers, journalists, and other fake personas,” the researchers say.

What’s more? The researchers said they found “technical overlaps” of Poison Carp with two recently discovered campaigns against the Uyghur community in China—the iPhone hacking campaign reported by experts at Google and the Evil Eye campaign published by Volexity last month.

Based on the similarities of the three campaigns, researchers believed that the Chinese government sponsors Poison Carp group.

Poison Carp campaign exploits a total of 8 distinct Android browser exploits to install a previously undocumented fully-featured Android spyware, called MOONSHINE and one iOS exploit chain to stealthily install iOS spyware on ‘users’ device—none of which were zero days.

tibet malware attack

“Four of the MOONSHINE exploits are clearly copied from working exploit code posted by security researchers on bug trackers or GitHub pages,” the report says.

Researchers observed a total of 17 intrusion attempts against Tibetan targets that were made over that period, 12 of which contained links to the iOS exploit.

Once installed, the malicious implant allows attackers to:

  • gain full control of victims device,
  • exfiltrate data including text messages, contacts, call logs, and location data,
  • access the ‘device’s camera and microphone,
  • exfiltrate private data from Viber, Telegram, Gmail, Twitter, and WhatsApp,
  • downloads and install additional malicious plugins.

Besides this, researchers also observed a malicious OAuth application that the same group of attackers used to gain access to its ‘victims’ Gmail accounts by redirecting them to a decoy page designed to convince them that the app served a legitimate purpose.

Among the victims that were targeted by the Poison Carp hackers between November 2018 and May 2019 include the Private Office of Tibetan Buddhist leader the Dalai Lama, the Central Tibetan Administration, the Tibetan Parliament, Tibetan human rights groups, and individuals holding senior positions in their respective organizations.

Though this is not the first case attempting to target Tibetan government, the researchers say the new Poison Carp campaign is “the first documented case of one-click mobile exploits used to target Tibetan groups.”

“It represents a significant escalation in social engineering tactics and technical sophistication compared to what we typically have observed being used against the Tibetan community,” the report reads.

After the disclosure of iPhone hacking campaign, Apple released a statement last month confirming that the iOS campaign targeted the Uyghur community and saying that the company patched the vulnerabilities in question in February this year.

Since none of the iOS and Android vulnerabilities exploited in the campaign is zero-day, users are highly recommended always to keep their mobile devices up-to-date to become a victim of such attacks.


Credit: The Hacker News By: noreply@blogger.com (Unknown)

Previous Post

Cloudera Data Platform launches with multi/hybrid cloud savvy and mitigated Hadoop complexity

Next Post

Ransomware: New file-encrypting attack has links to GandCrab malware, say security researchers

Related Posts

Cisco Releases Security Patches for Critical Flaws Affecting its Products
Internet Privacy

Cisco Releases Security Patches for Critical Flaws Affecting its Products

February 27, 2021
Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process
Internet Privacy

Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

February 26, 2021
North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware
Internet Privacy

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

February 26, 2021
Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack
Internet Privacy

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

February 26, 2021
Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations
Internet Privacy

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

February 25, 2021
Next Post
Ransomware: The cost of rescuing your files is going up as attackers get more sophisticated

Ransomware: New file-encrypting attack has links to GandCrab malware, say security researchers

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
Machine Learning as a Service (MLaaS) Market 2020 Emerging Trend and Advancement Outlook 2025
Machine Learning

Key Company Profile, Production Revenue, Product Picture and Specifications 2025

February 28, 2021
Cybercrime groups are selling their hacking skills. Some countries are buying
Internet Security

Cybercrime groups are selling their hacking skills. Some countries are buying

February 28, 2021
New AI Machine Learning Reduces Mental Health Misdiagnosis
Machine Learning

Machine Learning May Reduce Mental Health Misdiagnosis

February 28, 2021
Why would you ever trust Amazon’s Alexa after this?
Internet Security

Why would you ever trust Amazon’s Alexa after this?

February 28, 2021
AI & ML Are Not Same. Here's Why – Analytics India Magazine
Machine Learning

AI & ML Are Not Same. Here's Why – Analytics India Magazine

February 27, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit February 28, 2021
  • Key Company Profile, Production Revenue, Product Picture and Specifications 2025 February 28, 2021
  • Cybercrime groups are selling their hacking skills. Some countries are buying February 28, 2021
  • Machine Learning May Reduce Mental Health Misdiagnosis February 28, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates