After a collaborative investigation found Chinese authorities planting malware on the phones of travellers, anti-virus companies such as Symantec, Malwarebytes, and few other well-known cybersecurity firms have updated their products to notify users when such malware is detected on their phones.
As per a report by Vice, shortly after the article was published, folks over at Motherboard uploaded a copy of the malware on GitHub so that researchers could break down components of the malware (named Fengcai or BXAQ) and analyse it further.
Results from VirusTotal, a malware detection search engine owned by Google now reveals that a number of popular anti-virus firms including — Avast, McAfee, Check Point, Malwarebytes and Symantec detect the said BXAQ malware immediately triggering an alert for users to see.
The collaborative scoop reported by Vice’s Motherboard, The New York Times, The Guardian, Sueddeutsche Zeitung, and German public broadcaster NDR, revealed that the Chinese border police were forcing tourists travelling to the Xinjiang region to install a piece of malware on their phones.
This malware copies all the data including contact details, messages, images, and other data from the tourist’s phone and uploads it on the border police servers. This data is then compared against around 73,000 pieces of objectionable content enumerated by the Chinese authorities — which mostly included Islamic extremist content as well as harmless Islamic material, academic books on Islam, photos of Tibetan leader Dalai Lama, the literature on Tibet and even a song by a Japanese metal band Unholy Grave.
According to experts, once the app is installed on a device, it collects the phone’s calendar entries, phone contacts, call records and text messages, and uploads them to a remote server. In addition to this, the app also notes the apps installed on the device and extracts usernames for some of the apps.