China-linked cyberattack hijacks phones

Suspected China-based hackers are luring government workers and employees at large corporations in more than 20 countries to download malicious Android apps that can hijack a smartphone.

According to new research from security firm FireEye, a group of cyberattackers is uploading corrupted versions of popular apps to third-party app stores, and then promoting the download links on websites and in-app ads.


“This is another malicious adware family, possibly written by Chinese developers or controlled by Chinese hackers, spreading on a global scale that represents a significant threat,” the company said in a blog post.

If a user accidentally downloads one of the malicious apps, it instantly collects and uploads all of the device’s information to a remote server.

But the takeover doesn’t stop there. The nefarious software can take control of the phone and uninstall, launch or install other apps on the device, “possibly preparing for further attacks,” FireEye said.

The company has tied the campaign to Chinese hackers.

“We observed that all samples contain simplified Chinese characters in the code,” it said.

The technique harkens back to a similar scheme FireEye uncovered last fall.

The company said it caught Chinese hackers replacing authentic Apple-approved apps with nefarious look-alikes. When downloaded from the App Store, the malicious software replaced other important apps already on the phone — a banking or email app, for instance — with an imitator that scraped up personal information, tracked location, or even eavesdropped on conversations.

Broadly speaking, China has emerged as the main digital adversary to the U.S.

The Obama administration has alleged that both state-sponsored and rogue Chinese hackers are constantly peppering American businesses and government agencies with cyberattacks.

During Chinese President Xi Jinping’s recent state visit, the two countries agreed to a “common understanding” that neither side would engage in or support commercial espionage. The agreement did not address legitimate intelligence espionage.