Chinese Hackers Used Facebook To Target Uyghurs With Powerful iPhone And Android Spyware


Thomas Brewster   Forbes U.S. Staff


Photo: Alexander Shatov/ Unsplash

Facebook is trying to fight back against attacks on Uyghur activists, allegedly carried out by Chinese hackers who are wielding potent Android and iPhone malware, the social networking giant announced Wednesday.

Using Facebook, the group, previously dubbed “Evil Eye,” set up fake accounts posing as pro-Uyghur activists and as journalists covering their cause. After building a rapport with their targets, they sent them links either to legitimate websites that had been compromised and laced with iOS malware, or to websites the group had created itself on domains that looked like those of popular Uyghur and Turkish news sites. The majority of the malicious activity, however, took place outside of Facebook, explained Nathaniel Gleicher, head of security policy at Facebook.
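The lure domains described above are a lookalike-domain problem: a defender with a list of the news sites their community actually reads can flag hostnames that visually resemble them. The following is an added example written for this page, not code from Facebook or from the reported research. The reference domains, the candidate hostnames and the confusable-character table are constructed for illustration and are not the domains used in the campaign.

```python
"""Flag hostnames that look like known-good news-site domains.

Two checks, in the order a practitioner would apply them:
  1. "skeleton" match: fold accents and common ASCII look-alikes (rn -> m,
     vv -> w, 0 -> o, ...) so visual twins compare equal;
  2. edit distance: catch single-character typos/omissions the skeleton misses.
All domain names below are constructed for the example.
"""
import unicodedata

# Constructed reference list of legitimate domains (hypothetical names).
LEGIT_DOMAINS = ["turkistantimes.example", "uyghurnews.example", "haberturk.example"]

# Confusable sequences; multi-character entries come first so that "rn" is
# folded before any single-character rule could touch its letters.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"), ("cl", "d"),
    ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"),
]


def registrable(host: str) -> str:
    """Lowercase and keep the last two labels (news.site.example -> site.example)."""
    labels = host.strip().lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def skeleton(domain: str) -> str:
    """Fold accents, drop non-ASCII code points, then apply the confusable table."""
    decomposed = unicodedata.normalize("NFKD", domain)
    folded = "".join(
        c for c in decomposed if not unicodedata.combining(c) and ord(c) < 128
    )
    for src, dst in CONFUSABLES:
        folded = folded.replace(src, dst)
    return folded


def levenshtein(a: str, b: str) -> int:
    """Standard single-row dynamic-programming edit distance."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_matches(host: str, legit=LEGIT_DOMAINS, max_distance: int = 2):
    """Return [(legit_domain, reason), ...] for every known-good domain that
    `host` imitates; an exact match with a known-good domain returns []."""
    cand = registrable(host)
    hits = []
    for good in legit:
        good = registrable(good)
        if cand == good:
            return []
        if skeleton(cand) == skeleton(good):
            hits.append((good, "homoglyph"))
        elif levenshtein(cand, good) <= max_distance:
            hits.append((good, "edit-distance"))
    return hits


if __name__ == "__main__":
    # Constructed candidates: an rn->m swap, a vv->w swap, a dropped letter,
    # a Cyrillic 'е' in place of Latin 'e', a genuine site and an unrelated one.
    for h in ["turkistantirnes.example", "uyghurnevvs.example", "uygurnews.example",
              "uyghurn\u0435ws.example", "haberturk.example", "cnn.example"]:
        print(f"{h:28} -> {lookalike_matches(h)}")
```

Non-ASCII substitutions such as a Cyrillic letter are dropped by the skeleton step, so they fall through to the edit-distance check, which still catches them as a one-character change; in production the skeleton table would be replaced by the full Unicode confusables data.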

The attacks took place across 2019 and 2020. Targets included activists, journalists and dissidents, predominantly Uyghurs living abroad in the United States, Australia, Canada and countries in the Middle East and Central Asia. Gleicher said the company is informing those affected. He added that this was “supertargeted” espionage, with fewer than 500 targets on Facebook, the inverse of the broad disinformation campaigns the social network usually sees. As an indicator of just how targeted the attacks were, the hackers’ code would only install the iPhone malware when the visiting device met certain criteria, such as geolocation and language.

Some of the tainted websites contained JavaScript code that resembled previously reported exploits that had installed iOS malware known as INSOMNIA on victims’ devices. On the Android side, the hackers created rogue Android app stores where they published Uyghur-themed applications, including a prayer app. Facebook also said that it found two Chinese companies were the developers behind some of the Android malware.

Facebook hoping for deterrent

Mike Dvilyanski, Facebook’s head of cyberespionage investigations, told Forbes the malware was “fairly sophisticated,” though there was no evidence the group had used zero-days (unpatched software flaws) in the recent attacks, even though it had in past attacks on iOS and Android users. The spyware was able to snoop on almost all data on a device, including calls, messages, location, photos and contacts, and it could listen in by turning on the phone’s microphone.

Facebook is hopeful that calling the hacks out will help deter the hacker crew. “We did see this group react and change their intensity [when past research on their activities was released] and know they’re sensitive to these disclosures,” said Dvilyanski.

The same hackers were spotted by Google researchers in 2019, also targeting iPhone and Android users from the Muslim ethnic minority of China’s far-western region of Xinjiang. Western governments, including the United States, have leveled sanctions against Chinese officials and companies involved in the alleged detention of up to a million Uyghurs and other Muslim minorities in a vast network of forced-labor and “re-education” camps. DJI, the Chinese drone giant, was the latest to be caught up in the sanctions, as the Commerce Department barred American companies from exporting any technology to it.



I'm associate editor for Forbes, covering security, surveillance and privacy. I’ve been breaking news and writing features on these topics for major publications since 2010. As a freelancer, I worked for The Guardian, Vice Motherboard, Wired and BBC.com, amongst many others. I was named BT Security Journalist of the year in 2012 and 2013 for a range of exclusive articles, and in 2014 was handed Best News Story for a feature on US government harassment of security professionals.