Uyghurs Targeted With Spyware, Courtesy of PRC

Chinese government employs spyware to detect so-called "pre-crimes" including using a VPN, religious apps, or WhatsApp, new analysis reveals.

Images of apps spoofed for malicious activities
Source: Lookout

As part of its widely documented, brutal suppression of Muslim Uyghur populations, the Chinese government has been deploying spyware to hunt down what it deems to be "religious extremists" and detain them.

Researchers at Lookout Threat Labs reported that People's Republic of China-backed threat groups have widely distributed spyware called BadBazaar and Moonshine across Uyghur-language sites and social media. The spyware is trying to catch what Lookout's report ominously called "pre-crimes," like using a VPN, Muslim religious apps, or even WhatsApp.

Notably, these malicious apps attract Uyghur-speaking people across the globe, not just inside China.

One campaign Lookout documented distributed a link from the Twitter handle @MalwareHunterTeam that appeared to be a legitimate English-Uyghur dictionary application, but was instead loaded with malware. The Lookout team was able to trace the malicious app back to the Chinese-backed group APT15.

In all, the researchers found more than 100 BadBazaar samples scattered across Uyghur-language communications channels.

Phony Apps, Long-Term Consequences

The new report is yet another reminder that it's critical for users to be careful about what they download and to be aware that they may be targeted by sophisticated phishing lures, Darren Guccione, CEO of Keeper Security, explains to Dark Reading.

"Malware disguised as legitimate applications can have devastating and long-term adverse consequences, particularly when used for espionage to propagate human rights abuses," Guccione says. "These phony apps can unknowingly collect a host of information from location data to text messages, photos, and phone calls."

Kristina Balaam, staff security intelligence engineer at Lookout, adds that users should stick with reputable sources for their applications.

"If you're unable to download an app you want on Google Play, for example, there's probably a good reason for that," Balaam tells Dark Reading. "The official app stores go through vigorous vetting processes to ensure consumers are downloading apps that are safe and free from malware and other threats that can cause damage. Once consumers start looking for workarounds, they could be unintentionally exposing themselves to malicious threats."

For Uyghurs, downloading the wrong applications can mean arrest or worse. On Oct. 31, 50 countries issued a joint statement denouncing the Chinese government's ongoing human rights abuses against Uyghur populations.

About the Author

Becky Bracken, Senior Editor, Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.
