Check Point security researchers have uncovered an ongoing phishing campaign targeting the Muslim minority in western China. The mobile malware, distributed via spear phishing campaigns, aims to monitor the Uyghurs. An analysis by Check Point.
Check Point Research, the research arm of Check Point Software Technologies Ltd., a leading global provider of cyber security solutions, emphasizes that there is no indication that any country is behind the espionage. However, some other security researchers claim that China is once again behind the attack against the Uyghurs, as the Chinese leadership has been repeatedly accused of carrying out physical and virtual attacks against the religious minority.
Targeted at Uyghurs
This time it is a currently active spear phishing campaign carried out with mobile malware for smartphones. The actor behind it is said to be the Scarlet Mimic hacker group. Contaminated copies of Islamic books, pictures and an audiobook version of the Koran serve as bait. The malware can steal data from the infected device, including browser history and device information, track its real-time location, record calls and surrounding sounds, and make calls and send SMS messages on behalf of the phone's owner. To disguise itself, the malware deletes the call and message lists after the latter two actions. It also opens a fake document to distract the user.
Check Point's security researchers have also noticed that the malware has improved over the past few years. Some changes served to better camouflage against security solutions, as the developers were probably experimenting with better hiding the malicious command lines. Alongside this, some improvements focused on making the malware a better thief, allowing it to steal more data.
Malware in use for 7 years
Check Point Research believes the malware is distributed through a spear phishing campaign and delivered to devices via files infected with Trojans. When the file is opened, the malware application starts immediately and opens the decoy document to distract the user.
Sergey Shykevich, Threat Intelligence Group Manager at Check Point, states: “We have detected a mobile malware campaign that has been consistently targeting Uyghurs for at least 7 years. The campaign has been very consistent over the years, with the latest example dating to mid-August 2022. Incidentally, the scale and persistence of the campaign is remarkable. All of their features allow the criminals behind the campaign to build a comprehensive picture of the targets. We suspect that the Scarlet Mimic group is behind this espionage, but we don't know much about who is behind this group. However, we will monitor the situation.”