Hackers are targeting members of the ever-repressed minority Uyghur community in western China by trying to get users to download a fake app version of a book released by a prominent Uyghur activist.
In a report released Monday by the cybersecurity firm Cyble, cybersecurity researchers said the Android app-based malware is designed to look like the personal memoir of World Uyghur Congress President Dolkun Isa titled The China Freedom Trap. The malware had an icon designed to look like the cover page, and opening the app reportedly displayed a pdf of the cover page and introduction of the book. In reality, the application contained spyware with the capacity to steal users’ text, call, and contact data. The malicious spyware could also take screenshots and pictures of the device in-use.
The researchers did not identify who created the malicious app, though they did say it seemed designed to confuse and inject infectious software into the Uyghur community and into the devices of potential supporters. Researchers did not say how many times the malicious app could have been downloaded. Otherwise, the app was designed to “take advantage of the Uyghur-Chinese conflict to target unsuspecting individuals.”
The WUC also warned its followers about the malicious software on Tuesday. Gizmodo reached out to the WUC for further comment, but we did not immediately hear back.
The app was distributed outside the Google Play store (though unlike Apple, Android devices allow users to access apps not available on the official store) and even included a letter to Isa sent by then-U.S. ambassador Michael Kozak and former international religious freedom ambassador Sam Brownback in 2018.
Isa’s book is a biography of the WUC president’s work defending the Turkik Uyghur community against repressive tactics by the Chinese government. According to a press release published when the book was first released, Isa wrote that Beijing has tried multiple ways to “disrupt and discredit” him and Uyghur activism, including an attempted extradition to China.
The timing also shows quick timing on the part of the malware developers. The China Freedom Trap was released a little more than a month ago, so the malware could have been released anywhere between then and now. Cyble wrote the spyware was first spotted by MalwareHunterTeam, which tweeted about the supposed malware toward the end of last month. Certificate data shows the app could be dated back to July.
The Chinese government has been cited multiple times for extreme human rights abuses on the long-suffering Uyghur ethnic population, located mainly in the western Chinese Xinjiang province. A long-anticipated UN report released last week gave enormous credence to reports of reeducation centres, family separations, and prison sentences targeting the predominantly Muslim community.
Past reports show China has dug deep into its surveillance and hacking capabilities to target both the Uyghur community and those advocating for the minority group. Reports from 2019 showed Chinese-affiliated hackers had wormed their way into telecom systems across multiple countries that play host to transient Uyghur populations in order to better track some individuals whereabouts. Beijing has poured massive GPS resources into enforcing a kind of “police state” on the ethnic minority.