China Is Installing Android Malware on Tourists’ Phones

China has famously invasive security and surveillance operations, but activists report that at least one region of the country has gotten even more Orwellian. Multiple news agencies have joined forces to analyze a new piece of malware that Chinese border agents are forcing tourists to install on their phones. The software copies messages and contacts, and searches phones for thousands of different documents.

Tourists report they’ve encountered this new device search when entering the Xinjiang region, which is home to the Uighur population. Millions of these ethnically Turkic Muslims live in China, almost all of them in Xinjiang. Beijing has been openly hostile toward the Uighur for years, including the use of mass surveillance and detention camps. The new malware, known as BXAQ or Fengcai, seems aimed at tracking Uighur populations and their sympathizers.

Fengcai is a standard Android app, but it has a huge number of sensitive permissions (see below), and it abuses those permissions to the extreme. Border agents have to side-load the app, which means bypassing several layers of protection that prevent users from accidentally installing unverified apps. After installation, the app copies the phone’s messaging history, calendar entries, contacts, and account details to a Chinese server.
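The two traits described above, a side-loaded package holding the permissions needed to read messages, contacts, calendar, accounts and storage, are what a traveler's post-border device check should look for. The following is an added triage example, not code from the article or from the researchers; it parses the text of `adb shell pm list packages -3 -i` and `adb shell dumpsys package <pkg>`, and the sample output embedded here is constructed, with the dumpsys format approximated.

```python
import re

# Constructed sample of `pm list packages -3 -i` output (not real device data).
SAMPLE_PACKAGE_LIST = """\
package:com.example.maps  installer=com.android.vending
package:com.example.scanner  installer=null
package:com.example.notes  installer=com.android.vending
"""

# Constructed sample of the "install permissions" section of `dumpsys package`,
# format approximated from real output.
SAMPLE_DUMPSYS = """\
  install permissions:
      android.permission.READ_SMS: granted=true
      android.permission.READ_CONTACTS: granted=true
      android.permission.READ_CALENDAR: granted=true
      android.permission.GET_ACCOUNTS: granted=true
      android.permission.READ_EXTERNAL_STORAGE: granted=true
      android.permission.INTERNET: granted=true
      android.permission.VIBRATE: granted=false
"""

# Permissions matching the data Fengcai is reported to copy: messages,
# contacts, calendar entries, account details and on-device files.
SENSITIVE = {
    "android.permission.READ_SMS", "android.permission.READ_CONTACTS",
    "android.permission.READ_CALENDAR", "android.permission.GET_ACCOUNTS",
    "android.permission.READ_EXTERNAL_STORAGE",
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; add OEM stores as needed

def sideloaded_packages(pm_output):
    """Package names whose installer is 'null' or not a trusted store."""
    pkgs = []
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line)
        if m and m.group(2) not in TRUSTED_INSTALLERS:
            pkgs.append(m.group(1))
    return pkgs

def granted_sensitive(dumpsys_output):
    """Sensitive permissions a package actually holds (granted=true only)."""
    held = re.findall(r"([\w.]+): granted=true", dumpsys_output)
    return {p for p in held if p in SENSITIVE}

def triage(pm_output, dumpsys_by_pkg):
    """Map each sideloaded package to the sensitive permissions it holds."""
    flagged = {}
    for pkg in sideloaded_packages(pm_output):
        held = granted_sensitive(dumpsys_by_pkg.get(pkg, ""))
        if held:
            flagged[pkg] = sorted(held)
    return flagged
```

On a real device, feed `triage` the live output of the two adb commands; any hit is a package to remove and a reason to treat the device as compromised.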

After copying data, Fengcai searches the phone’s storage for more than 70,000 documents. Some of those are extremist Islamic material, but just as much of it is innocuous content like the Quran, information about the Dalai Lama, and scholarly books on the Islamic world. It even looks for songs by a Japanese metal band called Unholy Grave, which has a song about Taiwan.

Fengcai is designed to be uninstalled after collecting data — there’s even a large “uninstall” button in the app. It would appear border guards aren’t bothering to make people remove it, though. Motherboard has uploaded a copy of the Android APK to GitHub, but you probably shouldn’t install it. There are no reports of Fengcai being forced on tourists in other regions of China, but it wouldn’t be surprising to see something similar show up.
