IT Security Researchers Find Two New Surveillance Tools Targeting Uighur Mobile Apps – Radio Free Asia
According to a new report, China has been hacking mobile apps in the Uyghur language and infecting users’ devices to further monitor the persecuted Muslim-majority group in the northwestern region of Xinjiang and in other countries.
Researchers at the Threat Lab at California-based computer and network security company Lookout have discovered two new surveillance tools called BadBazaar and Moonshine targeting Uyghurs in China and beyond.
The two tools could be used to track activities that authorities deem indicative of religious extremism or separatism if Uyghurs use virtual private networks or VPNs, communicate with Muslims abroad, or use messaging apps such as WhatsApp that are popular outside of China, according to the report, which was published November 1.
BadBazaar is a new Android monitoring tool that shares infrastructure with other previously discovered tools targeting Uyghurs mentioned in a 2020 white paper produced by Lookout’s Threat Intelligence Team.
It disguises itself as a variety of Android apps, such as battery managers, video players, radio apps, messaging apps, Uyghur language dictionaries, and religious apps.
They collect location information, lists of installed packages, call logs and associated locations, phone calls and contacts, installed Android apps, SMS information, mobile device information, and Wi-Fi connection data, according to the report.
The command and control server gives commands
MOONSHINE uses updated variants of a tool previously disclosed by Citizen Lab at the Munk School of Global Affairs and Public Policy at the University of Toronto. It was noted for targeting Tibetan activists in 2019.
It establishes a connection to a command and control server so that the malware can receive commands to perform various functions such as recording phone calls, collecting contact information, retrieving files, removing SMS messages, capturing cameras, and collecting data from social media apps.
“BadBazaar and these new variants of MOONSHINE add to the already wide array of unique surveillance tools used in campaigns to monitor and subsequently detain individuals in China,” the report stated.
“Its continued development and spread on social media platforms in the Uyghur language indicates that these campaigns are continuing and that threat actors have successfully infiltrated online Uyghur communities to distribute their malware,” the report added.
Christina Balaam, a Canada-based employee security intelligence engineer and senior threat researcher at Lookout, told RFA that the oldest usage samples for the two monitoring tools date back to 2018.
“The malware samples we’re looking at are getting more and more sophisticated,” she told RFA. “They introduce new functionality. They’re trying to do a better job of hiding where all the malicious functionality lives inside the source code. Hiding some of the malicious functionality has become more sophisticated in some of these later variants.”
She said researchers are confident that the malicious actors speak the Chinese language and appear to be operating in line with the interests of the Chinese government.
“Therefore, we suspect at least that they are in mainland China,” said Balaam.
The Uyghur diaspora has been targeted
Abdulweli Ayoub, a Uyghur linguist who lives in Norway and runs a website documenting missing and imprisoned Uyghurs in Xinjiang, said that Badam Uyghur Keyboard, an app he has used for five years, unleashed malware that has allowed his mobile device to be compromised three times since 2017.
“It appears that China has hit apps used by the Uyghur diaspora community the most, including Uyghur language learning apps, Uyghur keyboard apps, Arabic language learning apps, and [ones] for communications such as Skype [and] Telegram,” he told RFA. “And this is a very dangerous situation. Even more disturbing is the neglect of some Uyghurs [concerning] the issue of infecting China with the apps they were using with spyware.”
In response to the report’s findings, Uyghur cybersecurity expert Abdusukur Abdurashid told Radio Free Asia that the apps include sophisticated data-stealing features that collect personal information, photos and phone numbers and send them to another server.
“It’s clear that the Chinese government is trying to control the Uyghurs in exile by making the apps we use a lot more sophisticated and less likely to detect spyware,” he told RFA. “If our photos are stolen and where we go and sleep, and our phone records and information are collected, that means they know everything about us.”
He suggested that Uighurs only download apps from trusted sources, such as the Google App Store, because Google ensures that all mobile apps it offers pass a security check and removes questionable apps.
Widespread monitoring system
The Uyghurs and other Turkic minorities living in Xinjiang have been subjected for years to a widespread surveillance regime that monitors their movements through the use of drones, facial recognition cameras and mobile phone scans as part of China’s efforts to control the population.
A report on mass arbitrary detentions and invasive surveillance of Uyghurs in Xinjiang, released in late August by the UN Human Rights Coordinator, has drawn further international attention to human rights abuses in Xinjiang. It said China may have committed crimes against humanity in its treatment of the Uyghurs there.
On October 31, 50 countries, including the United States, submitted a statement to the United Nations General Assembly expressing concern about “ongoing violations of the human rights of Uighurs and other predominantly Muslim minorities” in China.
Translated by Mamatjan Juma for Radio Free Asia Uyghur. By Roseanne Gerin in English. Edited by Malcolm Foster.