Tourists are being forced at the China border to install text-stealing malware on their mobile phones

Chinese authorities are conducting a massive surveillance campaign. Foreigners crossing the Chinese border are forced to install text-stealing Android malware on their mobile phones. The malware in question is called BXAQ or Fengcai.

The Android application is developed by Nanjing FiberHome StarrySky Communication Development Company Ltd, a partly state-owned company.

“The Android malware, which is installed by a border guard when they physically seize the phone, also scans the tourist or traveller's device for a specific set of files, according to multiple expert analyses of the software. The files authorities are looking for include Islamic extremist content, but also innocuous Islamic material, academic books on Islam by leading researchers, and even music from a Japanese metal band.” – According to a report published by Motherboard.

In China, Muslim populations are abused by the Chinese government, but the news shows that the government has started its unlawful surveillance of foreigners too. “What you’ve found goes beyond that: it suggests that even foreigners are subjected to such mass, and unlawful surveillance,” said Maya Wang, China senior researcher at Human Rights Watch.

Motherboard has uploaded a copy of the Android app to a GitHub account.

Once the malware is installed on an Android phone, it requests certain permissions. It collects all of the phone’s calendar entries, phone contacts, call logs, and text messages, then transfers the collected data to a server. The report also says the malware scans the phone to check which apps are installed; in some cases it also extracts the subject’s username from some installed apps.

The malware scans the Android device for over 70,000 different files.

The Motherboard report states: “Included in the app's code are hashes for over 73,000 different files the malware scans for. Ordinarily, it is difficult to determine what specific files these hashes relate to, but the reporting team and researchers managed to uncover the inputs of around 1,300 of them. This was done by searching for connected files on the file search engine VirusTotal. Citizen Lab identified the hashes in the VirusTotal database, and researchers from the Bochum team later downloaded some of the files from VirusTotal. The reporting team also found other copies online, and verified what sort of material the app was scanning for.
 
Many of the files that are scanned for contain clearly extremist content, such as the so-called Islamic State's publication Rumiyah. But the app also scans for parts of the Quran, PDFs related to the Dalai Lama, and a music file from Japanese metal band Unholy Grave”

This is not the first surveillance campaign run by the Chinese government. In the past, Motherboard reported another story of forced malware installation: malware named JingWang was being installed on mobile phones belonging to the Muslim Uighur population in the Xinjiang region of China.

What are people saying about this matter?

Wang, from Human Rights Watch, said: “The Chinese government, both in law and practice, often conflates peaceful religious activities with terrorism. Chinese law defines terrorism and extremism in a very broad and vague manner. For example, terrorism charges can stem from mere possession of 'items that advocate terrorism,' even though there is no clear definition of what these materials may be.”

Patrick Poon, China researcher at Amnesty International, said: “It's pretty alarming to see how even foreigners and tourists would be subject to this kind of surveillance.”

Edin Omanovic, state surveillance programme lead at Privacy International, said: “This is yet another example of why the surveillance regime in Xinjiang is one of the most unlawful, pervasive, and draconian in the world.”

He adds: “Modern extraction systems take advantage of this to build a detailed but flawed picture into people’s lives. Modern apps, platforms, and devices generate huge amounts of data which people likely aren’t even aware of or believe they’ve deleted, but which can still be found on the device. This is highly alarming in a country where downloading the wrong app or news article could land you in a detention camp.”

Reference
https://www.vice.com/en_us/article/7xgame/at-chinese-border-tourists-forced-to-install-a-text-stealing-piece-of-malware