7-year Android malware campaign targeting Uyghurs: Report

The Uyghur community has been targeted by an Android-based malware campaign for more than seven years, according to researchers at cybersecurity firm Check Point.

Sergei Shkevich, director of the threat intelligence group at Check Point Software, told The Record that the last sample they found dates back to mid-August 2022. The Android spy software is called MobileOrder and has been used in various forms since 2015.

“The scale and persistence of the campaign is remarkable. Furthermore, the malware has a lot of active capabilities such as calls, surround recording, real-time geolocation, and even the ability to make calls and send SMS messages using the victim’s phone.”

“All of this allows the threat actor behind the campaign to build an impressive intelligence picture around their targets. We suspect that Scarlet Mimic is behind this spy campaign but not much is known about who is behind this group. We will continue to monitor the situation.”

In a report released Thursday, Check Point attributed the campaign to a group it dubbed “Scarlet Mimic.” The campaign uses spear-phishing lures disguised as Islamic artifacts, such as books, photos and audio files.

One of the files the researchers examined was an audio version of the Qur’an. Once the file is opened, the malware installs itself, stealing the victim’s data and tracking their location. The malware can record audio through the smartphone’s microphone, send SMS text messages, extract browser history and delete files and directories.
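The capabilities described above (microphone recording, geolocation, SMS sending, placing calls, reading browser history) each require a specific Android permission, so the combination an app requests is a cheap first triage signal for analysts reviewing suspicious Uyghur-language apps. The following is an added example written for this article, not Check Point’s tooling or any MobileOrder artifact: it parses a decoded AndroidManifest.xml and reports which spyware-style capabilities the declared permissions would enable. The manifest below is constructed, the package name is a placeholder, and the script assumes the manifest has already been decoded from the APK’s binary XML to text (for example with apktool).

```python
"""Triage a decoded Android manifest for the permission set that spyware
with MobileOrder-like capabilities would need.  Added example; this is
not Check Point's code and the sample manifest is constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Capability -> Android permissions that enable it (real permission names).
CAPABILITIES = {
    "record_audio": {"android.permission.RECORD_AUDIO"},
    "geolocation": {"android.permission.ACCESS_FINE_LOCATION",
                    "android.permission.ACCESS_COARSE_LOCATION"},
    "send_sms": {"android.permission.SEND_SMS"},
    "read_sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "make_calls": {"android.permission.CALL_PHONE"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "browser_history": {"com.android.browser.permission.READ_HISTORY_BOOKMARKS"},
    "contacts": {"android.permission.READ_CONTACTS"},
}

# Constructed sample: an "audio Qur'an" app whose manifest asks for far more
# than playing audio requires.  The package name is a placeholder.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="example.placeholder.quranaudio">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
    <application android:label="Quran Audio"/>
</manifest>
"""

# Constructed benign counterpart: an audio player that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="example.placeholder.player">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Player"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> set:
    """Return the set of permission names declared in <uses-permission> tags."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for node in root.iter("uses-permission"):
        # The attribute is namespaced: android:name -> {ns}name in ElementTree.
        name = node.get("{%s}name" % ANDROID_NS)
        if name:
            names.add(name)
    return names


def matched_capabilities(manifest_xml: str) -> list:
    """List (sorted) the surveillance capabilities the permissions enable."""
    perms = requested_permissions(manifest_xml)
    return sorted(cap for cap, needed in CAPABILITIES.items() if perms & needed)


def triage(manifest_xml: str, threshold: int = 4) -> dict:
    """Summarise the manifest; 'suspicious' is a heuristic flag, not a verdict."""
    caps = matched_capabilities(manifest_xml)
    return {"capabilities": caps, "count": len(caps), "suspicious": len(caps) >= threshold}


if __name__ == "__main__":
    for label, manifest in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage(manifest))
```

The threshold is deliberately a heuristic: a legitimate messaging app may request SMS and contacts permissions, so a hit means the app needs manual review (code and network behaviour), not that it is malware. The useful signal is the mismatch between what the app claims to be (an audio book) and the capabilities it asks for.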

Check Point was unable to associate the campaign with any specific country or group, but pointed to a 2016 report from Palo Alto Networks about the same malware campaign. Palo Alto said its findings support an “assessment that includes the participation of a group or groups with similar motivations to the Chinese government’s stated position regarding these goals.”

Since 2016, the hackers behind the campaign have introduced several changes to reduce the chances of security software detecting the malware. Check Point has found at least 20 different variants of the malware.

“CPR researchers are unable to determine whether the attacks were successful, but the fact that the group continued to develop and spread malware for many years indicates that it has been successful, at least, in some of its operations,” the researchers said.

“Most of the malicious applications we have observed have names in the Uyghur language, in their Arabic or Latin scripts. They contain various traps (documents, images or audio samples) with content related to the ethnic-geopolitical conflict centered around the Uyghurs in the far northwestern region of Xinjiang in China, or with religious content that indicates the identity of Uyghur Muslims.”

One specimen had a photograph of Ilqut Alim, a member of a group of young Uyghurs based in Norway who advocated “China’s invasion of East Turkestan”.

Check Point found other samples linked to PDF versions of a military manual from al-Qaeda’s military wing and a prominent book from the current president of the World Uyghur Congress.

The United States and some of its allies announced sanctions against the Chinese government in December over human rights violations against the Uyghur population, including the internment of millions of Uyghurs in forced labor and rehabilitation camps.

Facebook said last year that its security team had discovered and removed a network of Facebook accounts that were used by Chinese state-sponsored agents to hack the devices of China’s Uyghur minority, as well as Uyghurs living abroad.

Check Point researchers said the campaign’s development was increasingly emblematic of actions other governments are taking.

“The shift of this threat group in attack vectors to the mobile sector provides evidence of the increasing trend of extensive monitoring operations being performed on mobile devices as the most sensitive and private assets,” the researchers explained.

Jonathan has worked as a journalist worldwide since 2014. Prior to returning to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. Previously he has covered cyber security at ZDNet and TechRepublic.
