BEIJING: Cybersecurity researchers uncovered two new surveillance campaigns that are targeting Uyghurs in China and abroad including messaging services, prayer time apps and dictionaries, according to Lookout report citing its Threat Lab.
The two new surveillance campaigns are named as BadBazaar and MOONSHINE by the researchers on Thursday. The other employs a previously disclosed tool, MOONSHINE, which was discovered by Citizen Lab and observed targeting Tibetan activists in 2019.
The surveillance and detainment campaigns against Uyghurs and other Turkic ethnic minorities have been operational for years but it got the highlight when the United Nations Human Rights Commissioner, Michelle Bachelet released her report in August which stated that China has committed "serious human rights violations" against the Uyghur and "other predominantly Muslim communities" in Xinjiang Uyghur Autonomous Region (XUAR).
Published on Bachelet's final day of her four-year term in office, the report said that the violations have taken place in the context of the Chinese Government's assertion that it is targeting terrorists among the Uyghur minority with a counter-extremism strategy that involves the use of so-called Vocational Educational and Training Centres (VETCs), or re-education camps.
On October 31, 2022, about 50 countries submitted a joint statement to the UN General Assembly condemning the Chinese government's oppression of Uyghurs and other Turkic peoples in East Turkistan. The joint statement was issued on Monday and is the largest group of states publicly condemning China's ongoing atrocities in East Turkistan, reported East Turkistan Government in Exile (ETGE).
Mobile surveillance tools like BadBazaar and MOONSHINE can be used to track many of the "pre-criminal" activities, actions considered indicative of religious extremism or separatism by the authorities in Xinjiang. Some activities that may result in a user being detained include using a VPN, communicating with practicing Muslims abroad, using religious apps, and using certain messaging apps like WhatsApp that are popular outside of China, the report by the San Francisco-based cloud security firm reads.
BadBazaar and these new variants of MOONSHINE add to the already extensive collection of unique surveillance ware used in campaigns to surveil and subsequently detain individuals in China.
Their continued development prevalence on Uyghur-language social media platforms indicates that ate these campaigns are ongoing and that the threat actors have successfully infiltrated online Uyghur communities to distribute their malware.
The campaign appears to primarily target Uyghurs in China. However, we found evidence of broader targeting of Muslims and Uyghurs outside of Xinjiang. Specifically, several of the samples we analyzed masqueraded as mapping apps for other countries with significant Muslim populations, like Turkey or Afghanistan.
We also found that a small subset of apps was submitted to the Google Play store, indicating that the threat actor was interested in targeting Android device users outside of China, if possible. To the best of our knowledge, the apps described in this article were never distributed through Google Play, according to the report.