Nearly a third of Uyghur-language Android apps shared on social media platforms or downloaded from third-party app stores since July are infected with spyware, according to research provided exclusively to Bloomberg News.
The apps are predominately infected by two new malware strains that secretly enable hackers to access and transmit private photos, messages and contacts, according to researchers at the San Francisco-based cybersecurity firm Lookout Inc. The company is scheduled to publish its findings later on Thursday.
Different types of malware have targeted Uyghurs with cyber-espionage for about a decade, but the new campaigns are much broader in scope and sophistication, said Kristina Balaam, a staff threat intelligence researcher at Lookout. The new malware is hidden in more apps than before and harder to detect, she said.
The attackers, Balaam said, are “very, very active.”
“People are still being actively targeted and compromised,” she said.
Because Google Play is blocked to Android users in China, many users download apps from “sketchy, unofficial app stores” or from links that circulate on platforms such as Telegram that turn out to be infected, she said. Lookout's research found that Uyghurs living abroad -- who often delete popular Chinese apps such as TikTok and WeChat to avoid surveillance -- may also have had their phones infected by downloading apps from unofficial platforms or by opening malicious links. Some devices in Turkey were compromised, Balaam said.
Lookout's researchers believe the attackers are Chinese because some of the infrastructure overlaps with past Uyghur surveillance campaigns tied to China. In addition, Mandarin language was discovered on one of the servers used in the attacks, she said.
Liu