Sept 23 – Check Point Researchers recently observed a new wave of a long-standing malware campaign targeting the Uyghur community, a Turkic ethnic group originating in Central Asia and one of the largest minority ethnic groups in China.
The malicious activity by a threat actor known as Scarlet Mimic was first documented in 2016, after a campaign that targeted Uyghur and Tibetan minority rights activists. In the past, reports indicated that the campaign could be linked to the Chinese government, which has previously been accused of hacking and surveilling Uyghurs.
Since then, Check Point Research (CPR) has monitored 20 different variations of the attackers' Android malware. In some cases, the malware has been disguised within audio books and images. It has also been identified in an audio version of the Quran.
From a technical standpoint, the malware is considered relatively unsophisticated. Nonetheless, its capabilities enable attackers to steal sensitive information from infected devices, make calls, send phony SMS messages and track locations. It can also record incoming and outgoing calls and ambient audio. As a result, the malware functions as a powerful and dangerous surveillance tool.
Read through CPR's report, which offers a technical analysis and describes the evolution of the malware campaign across the past seven years. While an element of this campaign was briefly mentioned in Cyble's publication as an isolated and unattributed incident, the CPR team managed to put the whole campaign into perspective and highlighted almost a decade's worth of surveillance within the Uyghur community.