China has hacked Uyghur-language mobile phones and infected users’ devices to further monitor the persecuted Muslim-majority group in the northern region of Xinjiang and other regions, according to a new report.
Researchers at the Threat Lab of a California-based computer and network security company have discovered two new surveillance tools, which they call BadBazaar and MOONSHINE, targeting Uyghurs in China and abroad.
The two tools can be used to track activities considered religious extremism or separatism by the authorities if Uyghurs use virtual private networks, or share VPNs with Muslims abroad, or use messaging apps like WhatsApp that are popular outside China, according to the report, which was announced on Nov. 1.
BadBazaar is a new surveillance tool that shares infrastructure with other previously disclosed Uyghur-targeted tooling described in a 2020 white paper issued by the company's threat intelligence team.
It is disguised as a variety of Android apps, such as battery managers, video players, radio apps, news apps, Uyghur-language dictionaries, and religious apps.
They collect location information, lists of installed files, call logs and associated geocoded locations, phone calls and contacts, installed Android apps, SMS information, mobile device information, and Wi-Fi connection data, according to the report.
It passes the collected data to a command-and-control server.
MOONSHINE uses updated variants of previously undetected tools that Citizen Lab at the University of Toronto’s Munk School of Global Affairs & Public Policy observed targeting Tibetan activists in 2019.
It establishes a connection with a command-and-control server so that the malware can receive commands to perform various tasks such as recording phone activity, collecting contact information, downloading files, deleting SMS messages, capturing from the camera and collecting data from social media.
“BadBazaar and these new variants of MOONSHINE added to the already extensive collection of individual guards used in campaigns to track down and subsequently detain individuals in China,” the report said.
“Their continued progress and prevalence on Uyghur-language social media platforms indicate these ongoing campaigns and actors are inflicting threats on Uyghur communities online in order to distribute their malware,” it said.
Kristina Balaam, a Canada-based staff security engineer and senior threat intelligence researcher, told RFA that the first examples of the use of the two surveillance tools date from 2018.
“The malware samples we’re looking at are getting more sophisticated,” she told RFA. “They’re introducing new functionality. They try to make a better hideout where all the malicious functionality actually lives in the source code. Some of the hidden malicious functions in some of these later variants have become sophisticated.”
Investigators believe the malicious actors speak and read Chinese and work in line with Chinese government interests, she said.
“Yes, we suspect they are based in mainland China,” said Balaam.
Uyghur residents were targeted
Abduweli Ayup, a Uyghur linguist who lives in Norway and runs a website that documents missing and imprisoned Uyghurs in Xinjiang, told RFA that Badam Uyghur Savings, an app he had been using for five years, was loaded with malware that had hacked his mobile device three times since 2017.
“China has apparently infected apps that the Uyghur community mainly uses, including Uyghur language learning apps, Uyghur keyboards, Arabic learning apps, and [ones] social communications, such as Cras [and] Telegram,” he told RFA. “This is a very serious situation. What is the terrible negligence of some Uyghurs? [concerning] The issue of China infects apps with the use of spyware.”
In response to the report’s findings, Uyghur cybersecurity expert Abdushukur Abdureshit told RFA that the apps include identity theft apps that collect personal data, photos and phone numbers and send them to another server.
“It is clear that the Chinese government is trying to control the Uyghurs in exile, by infecting apps that we often use with much more sophistication, and it is less likely that a spy will find them,” he told RFA. “If our images are stolen and we are reminded where we go and sleep, and our phone logs and information are collected, then it means they know everything about us.”
He suggested that Uyghurs download apps only from credible sources, such as the Google App Store, because Google checks the security of all the mobile apps it offers and removes those that are questionable.
Pervasive surveillance system
Uyghurs and other Turkic minorities living in Xinjiang have for years been subject to a restricted system that monitors their movements through the use of drones, facial recognition cameras and mobile phone scans as part of China’s population control efforts.
A report on the mass arbitrary detentions of Uyghurs in Xinjiang, issued in late August by the United Nations Human Rights Council, brought more international attention to human rights violations in Xinjiang. The report said China may have committed crimes against humanity in its treatment of Uyghurs there.
On October 31, 50 countries, including the United States of America, submitted a statement to the UN General Assembly expressing concern about the “persistent human rights violations of Uyghurs and other predominantly Muslim minorities” in China.
Translated by Mamatjan Juma for RFA Uyghur. Written in English by Roseanne Gerin. Edited by Malcolm Foster.