IT security researchers have found numerous apps that are used to spy on China’s Muslim Uyghur minority – even abroad.
The Muslim Uyghur minority in China lives in a surveillance state: like that among others SZ Beijing has installed thousands of surveillance cameras in the cities of the Xinjiang region, Uighurs are being put into re-education camps. Just a few days ago, the AP news agency reported that China is also trying to keep the Muslim population under control with drastic birth control.
In 2013 and 2014 there were two attacks for which Uyghur separatists were responsible. In response, China’s leadership announced the “crackdown on terrorism” campaign in 2014. Since then, China has taken increasingly draconian measures in Xinjiang to control the Uighurs.
US IT security researchers at Lookout are now reporting on another form of control, which apparently has been taking place since 2013 and has been expanded ever since. According to this, Uighurs and other minorities are also monitored via their smartphones. In their report, the researchers identify eight spy apps that apparently primarily target the Uyghur minority in the country, but also pursue Uyghurs who have fled abroad. Other Muslims and Tibetans have also been spied on with the apps, but the main target group is apparently Uighurs. This is indicated by both the system languages used and the file names used in the apps. In one of the apps, the researchers found references to the golden eagle (Golden Eagle) used for hunting in the Uyghur region of Xinjiang, as well as other regional features.
Hidden in Facebook, Twitter or keyboard apps
The malware was also distributed via websites and apps that Uyghurs should be primarily interested in, such as a Uyghur keyboard app or an Uyghur music service. The malware was also hidden in manipulated versions of apps such as Twitter, Facebook or the VLC media player. The malware, called “GoldenEagle” by the researchers, was able to take phone calls, take screenshots and photos, and send files from the device to the attackers. According to the researchers, the apps examined had overlapping pieces of code and used shared infrastructure to control the malware or to exfiltrate data, an indication that they were controlled by a single attacker.
It is not a big surprise that China’s Uyghur population is also monitored using smartphones and other digital devices. An investigation of the Süddeutsche Zeitung In summer 2019, the Ruhr-Universität Bochum and other media showed that tourists who enter West China across borders must also expect their smartphones to be bugged. However, the Lookout report shows how broad the effort is and that surveillance is not limited to China. “No matter where the Chinese Uighurs go, whether to Syria, Turkey or Indonesia, the software will follow them there,” quotes the New York Times one of the scientists involved in the report. A malware called “SilkBean” was therefore used to recreate Uighurs in Turkey, Syria, Kuwait or Indonesia.
As is almost always the case with digital espionage, there is no 100 percent proof that the surveillance software and the infrastructure behind it are actually controlled by the Chinese state. But there are a number of strong indications. The use of espionage apps increased dramatically shortly after the fight against terrorism announced by the Chinese leadership in 2014. The backers of the malware campaign also have a lot of staying power and very good equipment, all indications that they are at least supported by the state.
According to the researchers, many versions of the malware were also found in the environment of a Chinese armaments company that advertised surveillance tools in 2015. In 2018, the company opened a branch – in Xinjiang.