Anti-virus software makers build-in signatures to detect Chinese government malware

Symantec and Malwarebytes have updated their anti-virus software to detect the spyware that Chinese border control agents have been planting on travellers' smartphones without their consent.

The surveillance malware has been installed on the smartphones of people travelling into the Xinjiang region - a predominantly ethnically Uyghur Muslim region - by China's border control authority. The malware is designed to monitor the device for the use of any terms related either to Islamic extremism or the Dalai Lama.

The Dalai Lama is the spiritual leader of Tibet, the region neighbouring Xingjiang invaded by China in the 1950s following a four-decade stint of independence.

The malware has been dubbed BXAQ or Fengcai by security software firms and, according to Vice, Symantec and Malwarebytes are among the first anti-virus software firms to detect the malware. It comes after the publisher uploaded a copy of the Malware onto Github to enable anyone to examine it.

Avast, McAfee, and Check Point, which is responsible for the ZoneAlarm PC firewall and anti-virus, have also followed suit.

Anyone running the anti-virus on their smartphone will receive a pop-up alerting them to the presence of snooping software on their phone. It's not clear how Chinese authorities might respond to this challenge.

Malwarebytes said it had created a rule to detect the Chinese malware, and Symantec said its anti-virus software would have already detected the software and ought to have flagged it as an unwanted app.

It's not clear whether these moves will protect devices subjected to direct tampering by Chinese authorities. Chinese border control tends to sideload the spyware, which can bypass security checks normally done when an Android app is downloaded via Google's Play Store.

In any case, sensible travellers to China have, for years, used ‘burner' phones and laptops bearing only the essential applications to prevent probing by Chinese government authorities on entry.

Nevertheless, the move will be an embarrassment to China's increasingly authoritarian government, which elected Xi Jingping president for life in 2018.

The news comes amid a heightening trade war between the US and China, with China accused of large-scale intellectual property theft, and operating unfair terms of trade. 

Chinese authorities have also been linked with a series of cyber attacks across the world, including on India, mobile operators across the world, and cloud and IT services providers, as well as all-too-frequent BGP internet-traffic hijacks and the alleged exploitation of points-of-presence around the world to conduct espionage. 

Comments are closed.