IT security researchers find 2 new surveillance tools that target Uyghur mobile apps — Radio Free Asia

China has hacked Uyghur-language mobile apps and infected users’ devices to continue monitoring the persecuted predominantly Muslim group in its northwestern Xinjiang region and other countries, according to a new report.

Researchers at the Threat Lab at California-based computer and network security company Lookout have discovered two new surveillance tools they call BadBazaar and MOONSHINE that target Uyghurs in China and abroad.

The two tools can be used to track activities that authorities consider indicative of religious extremism or separatism when Uyghurs use virtual private networks, or VPNs, communicate with Muslims abroad, or use messaging apps such as WhatsApp, which are popular outside of China, according to the report, which was published on November 1.

BadBazaar is a new Android surveillance tool that shares infrastructure with other previously identified Uyghur-targeted tooling described in a 2020 white paper issued by Lookout’s threat intelligence team.

It disguises itself as a variety of Android apps, such as battery managers, video players, radio apps, messaging apps, Uyghur language dictionaries, and religious apps.

They collect location information, lists of installed packages, call logs and their associated geocoded locations, phone calls and contacts, installed Android apps, SMS information, information about mobile devices and Wi-Fi connection data, according to the report.

Command-and-control server gives orders

MOONSHINE uses updated variants of a previously released tool discovered by Citizen Lab at the University of Toronto’s Munk School of Global Affairs & Public Policy and observed to target Tibetan activists in 2019.

It establishes a connection with a command-and-control server so that the malware can receive commands to perform various functions such as recording phone calls, collecting contact information, retrieving files, downloading SMS messages, capturing cameras and collecting data from social media apps.

“BadBazaar and these new variants of MOONSHINE add to the already extensive collection of unique surveillance ware used in campaigns to monitor and subsequently detain individuals in China,” the report said.

“Their continued development and prevalence on Uyghur-language social media platforms indicate that these campaigns are ongoing and that threat actors have successfully infiltrated online Uyghur communities to distribute their malware,” it said.

Kristina Balaam, a Canada-based staff security intelligence engineer and senior threat researcher at Lookout, told RFA that the earliest samples of the two surveillance tools date to 2018.

“The malware samples we’re looking at are becoming more sophisticated,” she told RFA. “They’re introducing new functionality. They try to do a better job of hiding where all the malicious functionality actually lives in the source code. Hiding some of the malicious functionality has become more sophisticated in some of these later variants.”

Researchers are confident that the malicious actors are Chinese-speaking and appear to be working in line with Chinese government interests, she said.

“So, we at least suspect they are based in mainland China,” Balaam said.

Uyghur diaspora targeted

Abduweli Ayup, a Uyghur linguist who lives in Norway and runs a website documenting missing and imprisoned Uyghurs in Xinjiang, said Badam Uyghur Keyboard, an app he’s used for five years, released malware that allowed his mobile device to be hacked three times since 2017.

“China has apparently infected the apps most used by the Uyghur diaspora community, including Uyghur language learning apps, Uyghur keyboard apps, Arabic learning apps, and [ones] for communications such as Skype [and] Telegram,” he told RFA. “This is a very serious situation. What is most alarming is the negligence of some Uyghurs [concerning] the issue of China infecting the apps they used with spyware.”

In response to the report’s findings, Uyghur cybersecurity expert Abdushukur Abdureshit told RFA that the apps contain sophisticated data-stealing features that collect personal information, photos and phone numbers and send them to another server.

“It is clear that the Chinese government is trying to control the Uyghurs in exile by infecting the apps we often use with much more sophistication and less probability of detecting the spyware in them,” he told RFA. “If our photos are stolen and where we go and sleep are monitored, and our phone logs and information are collected, that means they know everything about us.”

He suggested that Uyghurs download apps only from credible sources, such as the Google App Store, because Google guarantees that all the mobile apps it offers pass a security check and deletes the dubious ones.

Pervasive surveillance system

Uyghurs and other Turkic minorities living in Xinjiang have for years been subject to a pervasive surveillance system that monitors their movements through the use of drones, facial recognition cameras and cellphone scanners as part of China’s efforts to control the population.

A report on mass arbitrary detentions and invasive surveillance of Uyghurs in Xinjiang, issued at the end of August by the United Nations human rights chief, brought more international attention to human rights violations in Xinjiang. It said China may have committed crimes against humanity in its treatment of the Uyghurs there.

On October 31, 50 countries, including the United States, submitted a statement to the UN General Assembly expressing concern about the “persistent human rights violations of Uyghurs and other predominantly Muslim minorities” in China.

Translated by Mamatjan Juma for RFA Uyghur. Written in English by Roseanne Gerin. Edited by Malcolm Foster.

