Trojan:Android/Chuli is a targeted information-stealing program directed at specific high-profile human rights activists.
Chuli.A is an information stealing trojan that was used in a targeted attack involving a Tibetan activist and several other high-profile human rights activists.
Chuli.A arrives onto a device via an installer named ‘WUCs Conference.apk’ and is installed as an application named Conference. When launched, it displays a string of text addressing several organizations.
In the background however, Chuli.A connects to a command and control (C&C) server at the IP address 126.96.36.199 to report the infection. It also collects device information and forwards the details to the server if instructed to do so via an SMS message. Collected information include:
Date Created: -
Date Last Modified: -