IT security researchers find 2 new surveillance tools targeting Uyghur mobile apps — Radio Free Asia

China has been hacking Uyghur-language mobile apps and infecting users’ devices to further monitor the predominantly Muslim group persecuted in its northwestern region of Xinjiang and other countries, according to a new report.

Researchers at the California-based computer and network security company Lookout’s Threat Lab have uncovered two new surveillance tools they call BadBazaar and MOONSHINE that target Uyghurs in China and abroad.

The two tools can be used to track activities deemed indicative of religious extremism or separatism by authorities if Uyghurs use virtual private networks, or VPNs, communicate with Muslims abroad, or use messaging apps like WhatsApp that are popular outside of China, according to the report, which was published on November 1st.

BadBazaar is a new Android surveillance tool that shares infrastructure with other tools targeting Uyghurs that were previously detected and described in a 2020 white paper issued by the Lookout Threat Intelligence team.

It masquerades as a variety of Android apps, such as battery managers, video players, radio apps, messaging apps, Uyghur language dictionaries, and religious apps.

They collect location information, lists of installed packages, call logs and their associated geocoded locations, phone calls and contacts, installed Android apps, SMS information, mobile device information, and Wi-Fi connection data, according to the report.

The command and control server gives orders

MOONSHINE uses updated variants of a previously revealed tool that was discovered by Citizen Lab at the Munk School of Global Affairs and Public Policy at the University of Toronto and was noted to be attacking Tibetan activists in 2019.

It establishes a connection to a command and control server so that the malware can receive commands to perform different functions, such as recording phone calls, collecting contact information, recovering files, deleting SMS messages, camera capture, and collecting data from social networking applications.

“BadBazaar and these new MOONSHINE variants add to the already extensive collection of unique surveillance software used in campaigns to monitor and subsequently detain people in China,” the report says.

“Their continued development and prevalence on Uyghur-language social media platforms indicate that these campaigns are ongoing and that threat actors have successfully infiltrated Uyghur communities online to distribute their malware,” it said.

Kristina Balaam, a Canada-based staff security intelligence engineer and principal threat researcher at Lookout, told RFA that the earliest samples of the two surveillance tools date back to 2018.

“The malware samples we are analyzing are becoming more sophisticated,” she told RFA. “They are introducing new features. They are trying to do a better job of hiding where all the malicious functionality actually lives within the source code. Hiding some of the malicious functionality has become more sophisticated in some of these later variants.”

The researchers are confident that the malicious actors speak Chinese and appear to be operating in accordance with the interests of the Chinese government, she said.

“So at least we suspect they are based in mainland China,” Balaam said.

Uyghur diaspora in the crosshairs

Abduweli Ayup, a Uyghur linguist who lives in Norway and runs a website documenting missing and imprisoned Uyghurs in Xinjiang, said Badam Uyghur Keyboard, an app he used for five years, unleashed malware that allowed his mobile device to be hacked three times since 2017.

“China apparently infected apps that are used most by the Uyghur diaspora community, including Uyghur language learning apps, Uyghur keyboard apps, Arabic learning apps, and [ones] for communications like Skype [and] Telegram,” he told RFA. “This is a very serious situation. The most alarming thing is the negligence of some Uyghurs [concerning] the problem of China infecting the applications they have been using with spyware.”

Responding to the report’s findings, Uyghur cybersecurity expert Abdushukur Abdureshit told RFA that the apps include sophisticated data-stealing features that collect personal information, photos and phone numbers and send them to another server.

“It is clear that the Chinese government is trying to control the Uyghurs in exile by infecting the applications we use with much more sophistication and with less chance of discovering spyware in them,” he told RFA. “If our photos are stolen and where we go and sleep are monitored, and our phone records and information are collected, then that means they know everything about us.”

He suggested that Uyghurs download apps only from trusted sources such as the Google App Store because Google makes sure that all mobile apps it offers pass a security check and removes questionable ones.

Widespread surveillance system

Uyghurs and other Turkic minorities living in Xinjiang have for years been subject to a widespread surveillance system that monitors their movements using drones, facial recognition cameras and mobile phone scans as part of China’s efforts to control the population.

A report on the arbitrary mass detentions and invasive surveillance of Uyghurs in Xinjiang released in late August by the United Nations human rights chief drew further international attention to human rights violations in Xinjiang. It said that China may have committed crimes against humanity in its treatment of the Uyghurs there.

On October 31, 50 countries, including the United States, submitted a statement to the UN General Assembly expressing concern about the “ongoing violations of the human rights of Uyghurs and other predominantly Muslim minorities” in China.

Translated by Mamatjan Juma for RFA Uyghur. Written in English by Roseanne Gerin. Edited by Malcolm Foster.
