Two Malware Variants Linked to China Infect Uyghur-language Apps, as Per Cybersecurity Research

The attacks are extremely active!

Over a third of Uyghur-language Android applications disseminated through social media or downloaded from unofficial app stores since July are infected with malware, according to data obtained by Bloomberg.

Researchers at the San Francisco-based cybersecurity company Lookout Inc. found two new malware variants responsible for infecting the apps. These allow cybercriminals to discreetly view and transfer users' private pictures, chats, and contacts.

Recent Attacks

Cyber-espionage tactics aimed against Uyghurs have been going on for almost a decade, using a variety of viruses. Still, the latest attacks are larger and more sophisticated, according to Lookout's Staff Threat Intelligence Researcher Kristina Balaam.

She asserted that the new malware is more difficult to spot since it is buried in a wider variety of programs, and that the attacks remain extremely active.

"People are still being actively targeted and compromised," Balaam warned.

Bloomberg reported that many targeted applications feature Uyghur-language dictionaries, translation, and keyboards that type Uyghur script.

Other infected programs on Uyghur-language social media platforms and download stores include battery management, video players, radio, GPS, and religious texts.

Infected apps from these stores have also spread through chat applications like Telegram, Balaam claimed.

The Accused

Android users in China cannot access Google Play, so they instead download software from sketchy, unlicensed app stores or from potentially malicious links shared on messaging apps like Telegram, Balaam added.

As per Lookout's findings, Uyghurs residing overseas may have downloaded harmful applications from unauthorized marketplaces or clicked on unsafe links. Meanwhile, they reportedly delete popular Chinese apps like TikTok and WeChat to evade monitoring.

Balaam claimed that several Turkish smartphones had been hacked.

Lookout's analysts have concluded that the attackers are Chinese since their infrastructure is similar to that used in previous Uyghur surveillance efforts that have been linked to China. In particular, they found that one of the servers utilized in the attack included Mandarin-language files.

Liu Pengyu, the spokeswoman for the Chinese Embassy in Washington, stated the nation condemns any sort of cyber assaults.

Some Uyghurs residing outside China told Bloomberg they were surprised by the scope of the alleged malware campaign.

Malware Strains

The latest malware family is called BadBazaar. It was initially spotted in late 2021, although samples date back to 2018, and it is still prevalent today, notably in a popular prayer app called Quran Majeed.

The second malware family is Moonshine, which was initially exposed in 2019 by Toronto's Citizen Lab. According to the lab, it was used in WhatsApp phishing assaults against Tibetans.

Balaam claimed that by tracing three Moonshine web servers, researchers determined that 637 devices had downloaded the compromised software.

However, researchers have not yet been able to access BadBazaar's infrastructure.

The organization shared its results with Google, Apple, and others before publication and submitted take-down requests to rogue sites.

Balaam advises downloading applications only from Apple or Google.

This article is owned by Tech Times

Written by Trisha Kae Andrada

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.