Uyghur Android and Windows Users Also Targeted in Malware Campaign

Earlier this week, Zach Whittaker of TechCrunch reported that the complex series of exploits used to plant malware on iPhones was an attempt to infect the phones of Uyghurs — presumably by the Chinese government.

Thomas Brewster, Forbes:

The unprecedented attack on Apple iPhones revealed by Google this week was broader than first thought. Multiple sources with knowledge of the situation said that Google’s own Android operating system and Microsoft Windows PCs were also targeted in a campaign that sought to infect the computers and smartphones of the Uighur ethnic group in China. That community has long been targeted by the Chinese government, in particular in the Xinjiang region, where surveillance is pervasive.


Google hadn’t provided comment at the time of publication. It’s unclear if Google knew or disclosed that the sites were also targeting other operating systems. One source familiar with the hacks claimed Google had only seen iOS exploits being served from the sites.

This must be one of the most expansive known surveillance campaigns in the post-Snowden era, and certainly the most brazen. It doesn’t target communications in transit; because many messaging platforms employ at least some form of encryption, the contents of messages must be captured at either the source or destination. That makes devices themselves much higher value targets and more active participants in spying.