Facebook Inc. has taken down a network of China-based accounts being used to spread malware meant to spy on journalists and dissidents in the overseas Uyghur Muslim community, the company said Wednesday.
The sophisticated effort, which the company said was tied to a group of Chinese hackers, included setting up fake news sites and compromising real ones to infect the devices of a small number of people. The hackers also placed malware-laden apps—including Uyghur-language keyboards and prayer apps—in third-party Android app stores.
“We saw attackers injecting malicious code into the website stages, and that would profile users and then infect them with specific malware if they met criteria that attackers set up,” said Mike Dvilyanski, who handles cyber-threat intelligence for Facebook.
Facebook attributed the effort to a long-running Chinese hacking network and called out two Chinese companies for creating the infected apps.
Most of the activity occurred off Facebook, the company said, though the network did use fake Facebook accounts purporting to be members of the Uyghur community to share links to the infected sites and apps. Devices exposed to the malware would only download it if they met criteria such as using Uyghur-language settings.