Two malware variants linked to China are infecting Uyghur apps, according to cybersecurity research
Over a third of Uyghur Android applications spread through social media or downloaded from unofficial app stores since July are infected with malware. This is based on data obtained by Bloomberg.
Researchers at San Francisco-based cybersecurity company Lookout Inc. found two new malware variants responsible for infecting the apps. These allow cybercriminals to discreetly view and transfer users’ private photos, chats and contacts.
Recent attacks
Cyber espionage tactics targeting Uyghurs have been going on for nearly a decade, using a variety of viruses. Still, the latest attacks are larger and more sophisticated, according to Lookout’s Staff Threat Intelligence Researcher Kristina Balaam.
She claimed that the new virus is more difficult to detect since it is buried in a wider variety of programs, while the attacks managed to be extremely active.
“People are still being actively targeted and compromised,” Balaam warned.
Bloomberg reported that many targeted applications have Uyghur dictionaries, translation and keyboards that write Uyghur script.
Other infected programs on Uyghur-language social media platforms and download stores include battery management, video players, radio, GPS, and religious texts.
Infected app stores have infiltrated chat applications such as Telegram, Balaam claimed.
See also: New Ducktail Malware Version Steals Facebook Data – How to Protect Your Account
The accused
Android users in China don’t have access to Google Play, so they instead download software from sketchy, unlicensed app stores or from potentially harmful links shared on messaging apps like Telegram, Balaam added.
According to Lookout’s findings, Uighurs living abroad may have downloaded malicious applications from unauthorized marketplaces or clicked on unsafe links. Meanwhile, they reportedly deleted popular Chinese apps such as TikTok and WeChat to avoid surveillance.
Balaam claimed that several Turkish smartphones had been hacked.
Lookout’s analysts have concluded that the attackers are Chinese since their infrastructure is similar to that used in previous Uyghur surveillance efforts that have been linked to China. In particular, they found that one of the servers used in the attack included Mandarin language files.
Liu Pengyu, the spokeswoman for the Chinese Embassy in Washington, stated that the nation condemns any form of cyber attack.
Some Uighurs living outside China told Bloomberg they were surprised by the scale of the alleged malware campaign.
Malicious software
The latest malware family is called BadBazaar. It was first discovered in late 2021, samples date back to 2018, and it is still widespread today, especially in a popular prayer app called Quran Majeed.
The other malware family is Moonshine, which was originally disclosed in 2019 by Toronto’s Citizen Lab. According to them, it was used in WhatsApp phishing attacks against Tibetans.
By tracking three Moonshine web servers, Balaam claimed, researchers determined that 637 devices downloaded the compromised software.
However, researchers have yet to gain access to BadBazaar’s infrastructure.
The organization shared its results with Google, Apple and others before publication and submitted takedown requests to rogue sites.
Bileam recommends downloading applications only from Apple or Google.
Related story: Meta finds over 400 malicious apps spreading malware on Facebook
This article is owned by Tech Times
Written by Trisha Kae Andrada
ⓒ 2022 TECHTIMES.com All rights reserved. Do not reproduce without permission.
