Chinese state-sponsored hackers have been using Android spyware tools to target ethnic minority groups, particularly Uighurs, Tibetans, and Muslims, across 15 countries, which include Malaysia, Turkey, Indonesia and Kazakhstan.
First discovered by mobile cybersecurity provider Lookout, these apps are primarily designed to track, gather and exfiltrate personal user data to attacker-operated command-and-control servers, with the surveillance attributed to the Chinese government’s national security and counter-terrorism efforts.
Threat researchers state the spyware exploits the victim’s Android device through targeted phishing and fake third-party app stores. It was also found that the malware was in ten different languages: Uighur, English, Arabic, Chinese, Turkish, Pashto, Persian, Malay, Indonesian, Uzbek and Urdu/Hindi.
The San Francisco-based company named the four Android surveillanceware tools SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle, and found that these interconnected malware tools are elements of a much larger mAPT (mobile advanced persistent threat) campaign originating in China, with activity of these surveillance campaigns having been observed as far back as 2013.
Lookout also noted that past activity of this mAPT is connected to previously reported desktop APT activity in China, which is linked to GREF, a China-based threat actor also known as APT15, Ke3chang, Mirage, Vixen Panda and Playful Dragon.
It was also revealed that many samples of these malware tools were trojanized legitimate apps, i.e., the malware maintained the complete functionality of the applications it was impersonating in addition to its hidden malicious capabilities.
Out of the list of countries targeted by the hackers, 12 are said to be on the Chinese government’s official list of “26 Sensitive Countries,” which, according to public reporting, are used by authorities as targeting criteria.
Muslim minorities have been widely persecuted and suppressed in China and, in the Xinjiang region, they are being forced into government-mandated concentration camps in an attempt to “re-educate” them.