Facebook has disrupted a hacking operation that utilized its social media platform, to spread iOS and Android malware that spied on Uyghur people from Xinjiang, China.
The hackers, which researchers have traced to have links to the Chinese government, planted malware on websites often visited by activists, journalists, and dissidents from Xinjiang who are now based overseas.
The hackers installed websites with malicious JavaScript that infected target iPhones with malware which now carries the name Insomnia. The hacking group, referred to as Earth Empusa, Evil Eye, or PoisonCarp, worked against iPhones running iOS versions 10.x, 11.x, 12.0, and 12.1 while some worked against versions 12.3, 12.3.1, and 12.3.2.
Taken together, these exploits were able to infect devices for more than two years and continues to this day even after having been exposed.
Insomnia is capable of exfiltrating data from a host of iOS apps, contacts, GPS, iMessage and third-party apps like Signal, Telegram, Whatsapp, Gmail, and Hangouts. The exploits were delivered only to people who passed certain checks involving IP addresses, OSesd, browsers, as well as country and language settings, thus evading easy detection.
Moreover, Evil Eye used fake apps to infect Android Phones, often mimicking third-party Android app stores that published Uyghur-themed software. Once installed, the trojanized apps infected other devices with one or two strains of malware called ActionSpy and PluginPhantom.
Facebook has named two China-based companies that had allegedly manufactured the malware. The Chinese government has denied any involvement in these practices that targeted Uyghur dissidents and their connections.
For more information, you may view the original story from Arstechnica.
