Security News > 2020 > July > Chinese Hackers Target Uyghurs With Multiple Android Surveillance Tools
For seven years, a Chinese threat actor has targeted the Uyghur ethnic minority with several malware families, including newly identified Android surveillance tools, mobile security firm Lookout reports.
Malicious attacks focusing on Uyghurs are not new, with several of them publicly detailed over the years, targeting users of Windows PCs, Macs, and mobile devices.
An advanced Android remote access tool, DoubleAgent has been around since at least 2013 and has been used "Exclusively against groups with contentious relationships with the Chinese government." Samples observed in the past year show that the threat actor has continued evolving the malware and the leveraged infrastructure, despite maintaining the same targeting, Lookout points out.
GoldenEagle appears designed to target "Primarily Uyghurs and Muslims in general, as well as Tibetans, individuals in Turkey, and in China." The earliest identified sample is dated 2012, while the most recent is from April 2020, and the malware's code was found in a broad range of applications, divided into two categories based on the exfiltration method: over HTTP and SMTP. Based on the names and functionality of the trojanized apps, most of the GoldenEagle samples target the Uyghur minority: music service Sarkuy, e-commerce site Tawarim, input keyboard uyhurqa kirgvzvx, pharmaceutical app TIBBIYJAWHAR, Uyghur Quran, and others.
Overall, the threat actor targeted at least 14 different countries, including 12 that the Chinese government placed on a list of "26 Sensitive Countries."
News URL
Related news
- Hackers steal banking creds from iOS, Android users via PWA apps (source)
- Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (source)
- Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs (source)
- Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East (source)
- Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- Chinese hackers linked to cybercrime syndicate arrested in Singapore (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign (source)