Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireCybersecurity News

Lookout research: mobile APT surveillance campaigns targeting Uyghurs

SEC0520-cyber-Feat-slide1_900px
July 2, 2020

The Lookout Threat Intelligence team has discovered four Android surveillanceware tools, which they named SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle. These four interconnected malware tools are elements of much larger mAPT (mobile advanced persistent threat) campaigns originating in China, and primarily targeting the Uyghur ethnic minority, says the team.

Activity of these surveillance campaigns has been observed as far back as 2013.

According a blog, titled Multiyear Surveillance Campaigns Discovered Targeting Uyghurs, Lookout Threat Intelligence team members Apurva Kumar, Christoph Hebeisen, Kristin Del Rosso, write that the main goal of these apps is to "gather and exfiltrate personal user data to attacker-operated command-and-control servers. Each malware tool has its own unique data gathering priorities and techniques," as detailed in the full report. Many samples of these malware tools were trojanized legitimate apps (i.e., the malware maintained complete functionality of the applications they were impersonating in addition to its hidden malicious capabilities.)

Lookout has found evidence that the malware predominantly targeted Uyghurs, but also, to a lesser extent, Tibetans. These two groups are reportedly the main focus of China’s “counter-terrorism” activity. Titles and in-app functionality of samples, such as “Sarkuy” (Uyghur music service), “TIBBIYJAWHAR” (Uyghur pharmaceutical app) and “Tawarim” (Uyghur e-commerce site) show that the majority of this activity focused on Uyghurs.

 

Image courtesy of Lookout. 

"The Chinese government’s “Strike Hard Campaign against Violent Terrorism” (严厉打击暴力恐怖活动专项行动),which launched in mid-2014, led to the creation of the National Security Strategic Guidelines, the National Security Law and the Counterterrorism Law in 20153. We noticed that there was a dramatic increase in the number of samples we observed after these directives and initiatives were enacted. As described in our report, the past activity of this mAPT is connected to previously reported desktop APT activity in China4, which is linked to GREF, a China-based threat actor also known as APT15, Ke3chang, Mirage, Vixen Panda and Playful Dragon," the team reports. 

In addition, the team noticed that campaigns by this mAPT are also active outside of China, based on the languages and services targeted by the malware samples. For example, titles such as “Turkey Navigation”, “A2Z Kuwait FM Radio”, ” اخبار سوريا” (“Syria(n) News”) may suggest targets in Turkey, Kuwait and Syria respectively.

"Our research found that at least 14 different countries may be affected by the campaigns. 12 of these are on the Chinese government’s official list of “26 Sensitive Countries,” which according to public reporting5, are used by authorities as targeting criteria," says the team. "There are at least four other Android tools in the same mAPT actor’s mobile surveillance arsenal. They are publicly known as HenBox6, PluginPhantom7, Spywaller8, and DarthPusher9, which have been previously observed targeting Chinese-speaking individuals and those of the Uyghur ethnic minority. The surveillance apps of these campaigns were likely distributed through a combination of targeted phishing and fake third-party app stores. They are not available on Google Play. Users of the Lookout mobile security products are protected from these threats," concludes the team. 

For the full report, visit https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf

KEYWORDS: advanced persistent threat cyber security information security malware surveillanceware

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0320-cyber-feat-slide1_900px.jpg

    Lookout Research: Nation-State Mobile Malware Targets Syrians with COVID-19 Lures

    See More
  • coronavirus

    Lookout Research: Commercial Surveillanceware Operators Latest to Take Advantage of COVID-19

    See More
  • Virus Detected

    BlackBerry Report: Decade of the RATs - Novel APT Attacks Targeting Linux, Windows and Android

    See More

Events

View AllSubmit An Event
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing