Seven-Year Mobile Surveillance Campaign Targets Uyghurs

Researchers have revealed a long-running surveillance and espionage campaign targeting one of China’s largest ethnic minority groups.

First discovered by Palo Alto Networks back in 2016, the “Scarlet Mimic” group was initially spotted targeting Uyghur and Tibetan rights activists. Although the Chinese government has long oppressed and spied on these and other minority groups in the country, there is currently no direct attribution of this group’s activities to Beijing.

Check Point explained in a new report this week that the mobile malware used by Scarlet Mimic actually dates back to 2015.

Check Point has since tracked 20 variants of the MobileOrder Android spyware, the most recent dated mid-August this year.

“The malware is relatively unsophisticated from a technical standpoint. However, its capabilities allow the attackers to easily steal sensitive data from the infected devices, even perform calls or send an SMS and track their location in real-time,” said Check Point.

“This makes it a powerful and dangerous surveillance tool. This tool also allows audio recording of incoming and outgoing calls, as well as surround recording.”

The malware itself is thought to be hidden in applications with titles written in the Uyghur language, and disguised as PDF documents, photos or audio. It is spread via social engineering rather than being made available on the Google Play Store, Check Point said.

“When the victim opens the decoy content, the malware begins to perform extensive surveillance actions in the background. These include stealing sensitive data such as the device information, SMS messages, the device location, and files stored on the device,” the report continued.

“The malware is also capable of actively executing commands to run a remote shell, take photos, perform calls, manipulate the SMS, call logs and local files, and record the surround sound.”

Check Point urged anyone who may be a target for this campaign to install anti-malware software on their device, use a VPN and be wary of clicking on suspicious links.

“Scarlet Mimic seems to be a politically motivated group. In the past, there have been reports from other researchers that it could be linked to China,” the vendor concluded.

“If true, it would make these surveillance operations part of a much wider issue, as this minority group has reportedly been on the receiving end of attacks for many years.”

Beijing is on the defensive at the UN this week after a long-awaited report from the UN Human Rights Office corroborated evidence of serious human rights violations against Uyghur and other ethnic minority groups in the Xinjiang region.
