New Evidence Suggests Chinese Government Creating Android Malware

There is mounting evidence that the Chinese government may be responsible for targeted Android malware attacks.

Andy Greenberg over at Forbes.com cites research from the Citizen Lab, a group of information security researchers at the Munk School of Global Affairs at the University of Toronto. The research describes Tibetan activists who were targeted with sophisticated Android malware that let remote operators steal a victim's contacts and messages and even learn their location.

While mobile malware commonly performs the actions above, Citizen Lab noted that this malware also relies on data that can only come from the mobile operator. The researchers say that the Chinese government maintains strong relationships with all its mobile operators and could easily call upon them to provide the cellular tower data necessary. “We don’t have a smoking gun that this is the Chinese government. But let’s face it,” says Citizen Lab director Ron Deibert. “When you add it all up, there’s really only one kind of organization for whom this information is useful. And we know that the Chinese have a very strong interest in tracking Tibetans, so it’s a strong set of circumstantial evidence.”

Greenberg cites other examples. "Other signs further tie the malware to snoops who closely monitor activist communities in China. The masked server controlling the malware was called “android.uyghur.dnsd.me,” a reference to Uyghur Muslim communities in Northwest China, many of whom have pushed for independence. And Kakao, the South Korean app redesigned to harbor the malware, had recently been recommended by a prominent Tibetan activist after security concerns were raised about Wechat, an alternative application offered by the Chinese firm Tencent. The message carrying the rigged app analyzed by Citizen Lab was in fact an exact copy of a real message from the Tibetan activist recommending Kakao."
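The one concrete network indicator the article gives is the command server hostname. A defender who has DNS query logs can use it to find which devices on a network tried to reach that server. The script below is an added example, not code from the article, Forbes or Citizen Lab; it scans constructed query-log lines (an assumed format of "timestamp client-IP queried-name", not any real resolver's log format) and flags exact matches and subdomains of the indicator, ignoring case and a trailing dot.

```python
# Added example: match DNS query-log lines against the C2 hostname named in
# the Citizen Lab research. The log format below is an assumption for the
# example ("<iso-time> <client-ip> <queried-name>"); adapt the parser to your
# resolver's real log layout.
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# The only indicator the article provides.
C2_INDICATORS = {"android.uyghur.dnsd.me"}


@dataclass
class Hit:
    time: str
    client: str
    qname: str
    indicator: str


def normalize(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def matching_indicator(qname: str, indicators: Iterable[str]) -> Optional[str]:
    """Return the indicator that qname equals or is a subdomain of, else None.

    A query for cdn.uyghur.dnsd.me is NOT a match: only the exact host
    and names beneath it (e.g. c2.android.uyghur.dnsd.me) count.
    """
    q = normalize(qname)
    for ind in indicators:
        ind_n = normalize(ind)
        if q == ind_n or q.endswith("." + ind_n):
            return ind_n
    return None


def scan(lines: Iterable[str], indicators: Iterable[str] = C2_INDICATORS) -> List[Hit]:
    """Parse each log line and collect queries that hit an indicator."""
    hits: List[Hit] = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:          # skip malformed or truncated lines
            continue
        time, client, qname = parts[0], parts[1], parts[2]
        ind = matching_indicator(qname, indicators)
        if ind is not None:
            hits.append(Hit(time, client, qname, ind))
    return hits


def affected_clients(hits: Iterable[Hit]) -> Dict[str, int]:
    """Count lookups per client so the devices to triage are obvious."""
    return dict(Counter(h.client for h in hits))


# Constructed sample log lines (not real traffic) exercising the edge cases:
# trailing dot, upper case, a look-alike sibling domain, a subdomain, junk.
SAMPLE_LOG = [
    "2013-04-01T08:00:01Z 10.0.0.12 www.example.com",
    "2013-04-01T08:00:02Z 10.0.0.12 android.uyghur.dnsd.me.",
    "2013-04-01T08:00:03Z 10.0.0.17 ANDROID.UYGHUR.DNSD.ME",
    "2013-04-01T08:00:04Z 10.0.0.21 cdn.uyghur.dnsd.me",
    "2013-04-01T08:00:05Z 10.0.0.12 c2.android.uyghur.dnsd.me",
    "malformed line",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"{h.time} {h.client} queried {h.qname} (indicator {h.indicator})")
    print("clients to triage:", affected_clients(found))
```

Running it on the sample prints three hits (two from 10.0.0.12, one from 10.0.0.17); the sibling name cdn.uyghur.dnsd.me is deliberately not flagged, since the article names only the android host, not the whole dynamic-DNS zone.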