Click to Skip Ad
Closing in...

Sophisticated iPhone malware specifically targeted China’s Uyghur Muslims

Published Sep 2nd, 2019 4:20PM EDT
iPhone Security
Image: JIM LO SCALZO/EPA-EFE/Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Late last week, security researchers from Google’s Project Zero team provided us with fascinating details regarding a sophisticated exploit targeting iPhone users. The exploit itself relied upon a number of 0-day vulnerabilities and, somewhat curiously, indiscriminately installed malware on any device that happened to visit an infected website.

Once installed, the malware would collect a user’s photos, private messages, passwords, and even send GPS location data in real-time. Initially, the Project Zero team didn’t mention who was behind the malware or who it targeted, save for a cryptic message that it may have been designed to target a specific ethnic group.

A few days later, we now know a little bit more about the origins of the malware. Citing sources familiar with the matter, TechCrunch is reporting that the malware was likely a state-sponsored attack from China targeting the country’s Uyghur Muslim community.

“It’s part of the latest effort by the Chinese government to crack down on the minority Muslim community in recent history,” TechCrunch notes. “In the past year, Beijing has detained more than a million Uyghurs in internment camps, according to a United Nations human rights committee.”

Additionally, some Muslims in Uyghur areas have actually been banned from fasting during the month of Ramadan in years past.

Interestingly, subsequent reports have added that the malware in question didn’t just target iOS users. According to Forbes, the malware campaign also targeted Android and Windows users.

Speaking to the sophistication of the attack — which persisted for two years — sources tell Forbes that the malware on impacted sites was routinely updated to adapt to the computing usage habits of the Uyghur community.

Apple patched the iOS vulnerabilities back in February, but the broader takeaway here is that even a company as security-minded as Apple can be left playing catch-up when dealing with state-sponsored malware.

Yoni Heisler Contributing Writer

Yoni Heisler has been writing about Apple and the tech industry at large with over 15 years of experience. A life long expert Mac user and Apple expert, his writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and TUAW.

When not analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions.