clock menu more-arrow no yes mobile

Filed under:

New cross-platform malware targets Uyghur activists

New, 18 comments

Activists in the Uyghur nationalist movement are being targeted by malware which is exploiting backdoors in both Windows and Mac OS X

Uyghur malware target image
Uyghur malware target image

Researchers at security firms Kaspersky Labs and AlienVault have uncovered two sophisticated malware attacks which appear to deliberately target activists in the Uyghur nationalist movement. The packages come in variants for both Windows and Mac OS X, which connect to a shared command and control center located in mainland China.

The emotive image shown above is sent to victims via email, luring them into downloading an attached ZIP file which contains a malicious executable. On Macs, the malware then uses what Kaspersky describes as a "mostly undetected version of the MaControl backdoor (Universal Binary), which supports both i386 and PowerPC Macs." The Windows equivalent uses a remote access tool known as "Gh0st RAT," which has been spotted in previous attacks on Uyghurs and Tibetans, both regular victims of Chinese cyber-spying.

The image is sent to victims via email

If this new attack is the work of parties close to the Chinese government, it couldn't have come at a better time in diplomatic terms. Earlier this month, it was confirmed that the notorious Flame virus, which has infected thousands of systems throughout the Middle East, was co-developed by the United States and Israel to attack Iran's nuclear program, echoing 2010's Stuxnet worm. While Stuxnet and Flame target infrastructure and this particular attack focuses on espionage, it seems like cyber-warfare is game that everyone's starting to play.