Chinese Hackers Target Uyghurs With Multiple Android Surveillance Tools
Security News, July 2020
For seven years, a Chinese threat actor has targeted the Uyghur ethnic minority with several malware families, including newly identified Android surveillance tools, mobile security firm Lookout reports.
Attacks on Uyghurs are not new: several campaigns against users of Windows PCs, Macs, and mobile devices have been publicly documented over the years.
DoubleAgent, an advanced Android remote access tool, has been around since at least 2013 and has been used "exclusively against groups with contentious relationships with the Chinese government." Samples observed in the past year show that the threat actor has continued to evolve both the malware and the infrastructure behind it while keeping the same targeting, Lookout points out.
GoldenEagle appears designed to target "primarily Uyghurs and Muslims in general, as well as Tibetans, individuals in Turkey, and in China." The earliest identified sample dates from 2012 and the most recent from April 2020. GoldenEagle code was found embedded in a broad range of applications, which Lookout divides into two categories by exfiltration method: samples that send the collected data over HTTP and samples that send it over SMTP. Judging by the names and functionality of the trojanized apps, most GoldenEagle samples target the Uyghur minority: the music service Sarkuy, the e-commerce site Tawarim, the input keyboard uyhurqa kirgvzvx, the pharmaceutical app TIBBIYJAWHAR, Uyghur Quran, and others.
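The HTTP-versus-SMTP split above is the kind of coarse classification an analyst applies when triaging a pile of trojanized APKs before reverse-engineering any of them. The script below is an added example written for this page, not Lookout's tooling and not derived from the GoldenEagle samples themselves: it treats each APK as the zip archive it is, pulls printable ASCII runs out of every entry (the same idea as running `strings` on `classes.dex`), and classifies the sample by which exfiltration-channel indicators it contains. The indicator patterns (JavaMail class paths, `mail.smtp.*` property names, `HttpURLConnection`, OkHttp, URL prefixes) are general Android-development artefacts chosen as assumptions for illustration, not published IOCs, and the two "APKs" are constructed in memory so the code runs offline.

```python
import io
import re
import zipfile

# Indicator patterns are assumptions for illustration, not published GoldenEagle IOCs.
# Dex descriptors use '/' between package components while string literals use '.',
# so each class-path pattern accepts either separator.
SMTP_INDICATORS = [
    rb"javax[./]mail",                 # JavaMail API (Transport, Session, ...)
    rb"com[./]sun[./]mail",            # reference JavaMail implementation
    rb"mail\.smtp\.(host|port|auth)",  # SMTP session properties
    rb"smtp\.",                        # hard-coded mail server hostnames
]
HTTP_INDICATORS = [
    rb"java[./]net[./]HttpURLConnection",
    rb"okhttp3",
    rb"org[./]apache[./]http",
    rb"https?://",
    rb"setRequestMethod",
    rb"multipart/form-data",           # typical file-upload encoding
]


def extract_strings(apk_bytes: bytes, min_len: int = 6):
    """Yield (entry name, printable ASCII run) for every entry in the APK.

    An APK is a zip file; this is the equivalent of `strings` over each member.
    Binary-XML entries such as AndroidManifest.xml store text as UTF-16 and would
    need proper decoding; ASCII runs are enough to catch dex string literals.
    """
    run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            for m in run.finditer(z.read(name)):
                yield name, m.group()


def classify_exfil(apk_bytes: bytes) -> dict:
    """Label a sample as 'smtp', 'http', 'both' or 'unknown' by its exfil indicators."""
    hits = {"smtp": set(), "http": set()}
    for _entry, s in extract_strings(apk_bytes):
        for label, patterns in (("smtp", SMTP_INDICATORS), ("http", HTTP_INDICATORS)):
            if any(re.search(p, s) for p in patterns):
                hits[label].add(s.decode("ascii"))
    if hits["smtp"] and hits["http"]:
        channel = "both"
    elif hits["smtp"]:
        channel = "smtp"
    elif hits["http"]:
        channel = "http"
    else:
        channel = "unknown"
    return {"channel": channel, "hits": {k: sorted(v) for k, v in hits.items()}}


def build_sample_apk(dex_strings) -> bytes:
    """Constructed stand-in for a trojanized APK: a zip holding a fake classes.dex.

    The 'dex' entry is just a header-like prefix followed by NUL-separated strings,
    which is all the string extraction above needs.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00".join(dex_strings))
    return buf.getvalue()


# Constructed samples: one that mails data out, one that posts it to a web server.
SMTP_SAMPLE = build_sample_apk([
    b"Ljavax/mail/Transport;", b"mail.smtp.host", b"mail.smtp.port",
    b"Landroid/telephony/SmsManager;",
])
HTTP_SAMPLE = build_sample_apk([
    b"Ljava/net/HttpURLConnection;", b"http://example.invalid/upload.php",
    b"setRequestMethod", b"multipart/form-data",
])

if __name__ == "__main__":
    for name, sample in (("smtp_sample.apk", SMTP_SAMPLE), ("http_sample.apk", HTTP_SAMPLE)):
        result = classify_exfil(sample)
        print(name, "->", result["channel"], result["hits"])
```

Run against a directory of real samples by replacing the constructed bytes with `open(path, "rb").read()`; the output is a triage bucket plus the strings that put the sample there, which is what you want to confirm by hand before treating the label as a finding. Obfuscated or reflection-heavy samples will land in "unknown" and still need a look in a decompiler.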
Overall, the threat actor targeted at least 14 different countries, including 12 that the Chinese government placed on a list of "26 Sensitive Countries."