China is Spying on Ethnic Minorities Using Android Malware

Posted on July 7, 2020 at 5:22 PM

New research has revealed that China-based research campaigns are spying on minority ethnic groups worldwide using Android malware. The research and its findings were compiled by San Francisco-based mobile cyber security firm Lookout.

The security firm says the Chinese hacker syndicates are using four surveillanceware tools to steal personal data from Android smartphones: GoldenEagle, CarbonSteal, DoubleAgent, and SilkBean. They are related but have not been documented.

Uighur Muslims are hackers’ primary targets

As revealed by Lookout, the malware is part of the larger More Advanced Persistent Threat (mAPT) hacking campaign from China discovered in 2013.

The research revealed that their main targets are Uighur Muslims in China. However, Lookout also discovered that the hacking group targets Tibetans and other ethnic minority Muslims outside China.

Lookout examined the group’s command and control (C2) networks and certificates. Evidence from the investigation shows that the four surveillance tools are connected to the Chinese hacking group.

In all four cases, the C2 infrastructure and certificates were also used with other types of malware that the Chinese hacking group GREF is known to operate.

The group has other pseudonyms, which include Playful Dragon, Vixen Panda, Mirage, Ke3chang, and APT15.

The malware collects personal data from Android smartphones, including text messages, contact information, and location data. Other details include call history and device metadata such as serial number and model number.

Sadly, the malware is also capable of collecting data from popular chat apps in China. It also has audio recording capability, according to Lookout.

The APT15 spyware can also take photos and screenshots on infected devices. Lookout also reveals that the spyware was able to infiltrate Android phones through bogus third-party app stores and targeted phishing.

The fake content is hidden in apps targeting Tibetan and Uighur Muslim communities. Content within the sampled malware usually references news outlets and local services in countries such as Kazakhstan, Indonesia, Kuwait, Syria, and Turkey.

Infected apps have been downloaded in 14 countries

The security firm also revealed the number of languages the malware has been translated into. Lookout said the Chinese actors have currently used the malware in 10 languages. These include Uighur, Urdu/Hindi, Indonesian, Malay, Turkish, Chinese, Persian, Pashto, English, and Arabic.

On a similar note, the security team revealed that the hackers have targeted and infected apps in 14 different countries. Twelve of those countries are included in China’s list of 26 sensitive countries that Uighurs have been forbidden to have contact with. These include Iran, Egypt, Malaysia, Saudi Arabia, Pakistan, and France.

The number of Tibetans and Uighurs that have already downloaded the malware-infested apps is not known.

There has been a previous report saying there is extensive use of smartphone-targeted surveillance of Uighurs. Two years ago, Uighur adults were forced into downloading what were known as “nanny apps” that spy on their phones.

Over a million Uighur Muslims held in custody

According to Amnesty International, over a million Uighur Muslims have been detained in China to re-educate them. Similarly, the Uighurs who migrated to other countries like Turkey also fear that China may pressure the host countries to persecute them.

The latest report by Lookout is yet more proof that China’s oppression of Uighur Muslims is no longer confined within the Chinese border. The country is extending the repression even to other countries where the minority Muslim group resides.

Lookout says this should be a source of major worry to anyone who wants to see the protection of their civil rights and privacy. As it stands for Uighur Muslims, their rights have been stripped away, which should concern everyone. This is particularly worrying as mass surveillance appears to have become the norm in many countries as the world tries to deal with the COVID-19 pandemic.

The report presented by Lookout has shown that digital technology may not be the force for freedom that people had hoped for. Instead, it is gradually becoming a tool through which governments may want to control their citizens and limit their rights, as is happening with the Uighur Muslims.

In the U.K., the British government is allegedly planning to track movements with anonymised mobile data. As a result, privacy groups are worried that such measures can minimize personal freedom and enable authoritarianism.

Publisher: Koddos
