
Lookout, a developer of security software, announced on July 1 that malware-based surveillance targeting Uighurs living in the Xinjiang Uighur Autonomous Region of China has been conducted over several years. Lookout found four types of malware that run on Android devices, and the surveillance may target not only Uighurs but also Muslims outside China.
According to the report, surveillance using the four types of malware discovered by the company (SilkBean, DoubleAgent, CarbonSteal, GoldenEagle) has been conducted since 2013. The main purpose of the monitoring tools is said to have been collecting users' personal information, and the malware was installed on personal devices as Trojan horses hidden in Android apps.
The applications in which the four types of malware were hidden are Android apps such as Uighur Music Service (Sarkuy), Uighur Pharmacy App (TIBBIYJAWHAR), and Uighur Internet Shop (Tawarim). A review of these apps revealed that the targets included not only Uighurs in China but also some Tibetans and Uighurs living outside China.
The investigation also found that malware surveillance was being carried out through Android apps such as Turkey Navigation, Kuwait FM Radio, and Syria News. In addition to China, it was revealed that Muslims from 14 countries, such as Turkey, Kuwait, and Syria, may have been subject to surveillance by the malware.
In the past, China was found to have had border guards force travelers going to the Xinjiang Uyghur Autonomous Region to install surveillance apps on their smartphones. Lookout estimates that the existing malware surveillance of Uighurs was further intensified as the Chinese government strengthened its crackdown on violent terrorism in the wake of the 2014 violence at Kunming Station. Lookout also suggests that the malware surveillance activity may be related to several hacker groups based in China (APT15, Ke3chang, Mirage, Vixen Panda, Playful Dragon).
The monitoring apps carrying the malware were all distributed through phishing emails, phishing sites, and fake app stores, and none were delivered through Google Play. The company pointed out the dangers of downloading apps from places other than official stores. Related information can be found here.