HOME
NEWS

Mobile Malware Disguised in Islamic Artifacts Targets Uyghurs for 7 Years


By VARINDIA - 2022-09-27
Mobile Malware Disguised in Islamic Artifacts Targets Uyghurs for 7 Years

Check Point Research (CPR) spots an ongoing, mobile malware campaign consistently targeting Uyghurs for seven years. Attributed to the actor Scarlet Mimic, the malware campaign most likely leverages sphere-phishing techniques disguised in Islamic and artifacts, such as books, pictures and audio files. The malware is capable of stealing data, tracking location, recording audio and sending SMS messages.

 

· Malware deletes logs of calls and texts afterwards

· Malware opens a decoy document to distract the victim from malicious actions

· CPR diagrams evolution of malware throughout the years

 

Check Point Research (CPR) sees an ongoing, mobile malware campaign that has consistently targeted Uyghurs for at least the past seven years. Attributed to the actor Scarlet Mimic, the malware campaign was disguised in multiple baits such as books, pictures, and even an audio version of the Quran.

 

Malware Capabilities

Steal data from the mobile device - files, browser history, device information

Track real-time geolocation

Record audio of calls and surroundings

Perform calls and send SMS messages on victim's behalf, deleting logs afterwards


Malware Distribution

CPR believes the malware is distributed via a form of spear phishing that includes trojanized files. The malware is disguised in lures such as books, pictures, and audio files connected to Uyghurs or to Islam. When the victim opens the lure, it actually launches the malicious application, opening a decoy document to distract the victim from malicious actions.

 

Malware Evolution

Throughout the years, some changes were introduced by the developers. A few of these changes were clearly developed to reduce the chances of the malware being detected by security solutions: the malware authors experimented with the ways to hide the malicious strings. The actors also added a few adjustments and features to gather more information from their victims’ devices.

 

Quote: Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software

“We discovered a mobile malware campaign consistently targeting Uyghurs for at least 7 years. The campaign has been very consistent during the years, with the last sample dated to middle of August 2022. The scale and the persistence of the campaign is remarkable.

 

Furthermore, the malware has a lot of active capabilities like calls and surround recording, real time geolocation and even the capability to conduct calls and send SMS messages by using the victim's phone. All this allows the threat actor behind the campaign to build a great intelligence picture around its targets.

 

We suspect the actor Scarlet Mimic is behind this espionage campaign. We will continue to monitor the situation.”

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA