Jul 02, 2020 13:00:00

It turns out that China has been conducting Uighur surveillance activities by malware for several years

Lookout, which develops security software, announced on July 1, 2020 (Wednesday) that malware monitoring activities were being conducted for several years targeting the Uygur people living in the Xinjiang Uygur Autonomous Region in China. Lookout has discovered four types of malware running on Android devices that could have targeted not only Uighurs but also Muslims outside China.

lookout-uyghur-malware-tr-us.pdf
(PDF file) https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf

Multiyear Surveillance Campaigns Discovered Targeting Uyghurs
https://blog.lookout.com/multiyear-surveillance-campaigns-discovered-targeting-uyghurs

Research finds Uighurs targeted by Chinese spyware as part of surveillance campaign | TheHill
https://thehill.com/policy/cybersecurity/505518-research-finds-uighurs-targeted-by-chinese-spyware-as-part-of

The malware discovered by Lookout's research team is a monitoring tool named SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle. Lookout reports that malicious malware, primarily targeting Uighurs, has been around since 2013. The main purpose of the monitoring tool was to collect the user's personal information, and the malware was installed as an Android app Trojan on personal devices.

The apps that contained four types of malware were Android apps such as 'Sarkuy (Uighur music service)', 'TIBBIYJAWHAR (Uighur pharmacy app)' and 'Tawarim (Uighur net shop)'. A closer look at these apps revealed that they were targeting not only Uighurs in China, but also a small number of Tibetans and Uighurs living outside China.

Furthermore, according to a Lookout survey, Android apps such as 'Turkey Navigation', 'A2Z Kuwait FM Radio' and 'Syria News' are also being monitored by malware. It has also been discovered that not only China but also Muslims in at least 14 countries, including Turkey, Kuwait and Syria, could have been subject to malware surveillance.

In China, it has been discovered in the past that the border guard forcefully installed a monitoring app on smartphones owned by travelers to the Xinjiang Uygur Autonomous Region.

It turns out that a surveillance spy app is forcibly installed on the smartphone of a traveler visiting the Uygur Autonomous Region-GIGAZINE

Lookout speculates that the Chinese government has tightened crackdown on violent terrorism triggered by the violent terrorist incident at Kunming Station in 2014, and it is speculated that the Uighur monitoring by malware was further strengthened. I will.

Lookout also suggests that malware surveillance activities may be associated with several hacker groups based in China, including APT15, Ke3chang, Mirage, Vixen Panda, and Playful Dragon.

In addition, Lookout reports that all monitoring applications affected by malware are distributed by phishing emails and sites, or fake app stores, 'it is not an app distributed from Google Play', I pointed out the danger of downloading the app from other than the official store.