Loading
Chinese Antivirus Companies Don’t Flag Chinese Border Malware
VICE
Fri, 12 Jul 2019 12:00

Chinese Antivirus Companies Don’t Flag Chinese Border Malware

VICE
Fri, 12 Jul 2019 12:00

Several high profile Chinese cybersecurity companies allegedly dont flag a piece of malware in their antivirus products that can download a victims text messages, calendar entries, call logs and contacts, and scan their phone for a set of specific files.

Chinese Antivirus Companies Don’t Flag Chinese Border Malware
Notably, the malware is used by Chinese authorities at the countrys border.

The malware—called BXAQ or Fengcai—was the focus of a collaboration between Motherboard, Süddeutsche Zeitung, the Guardian, the New York Times, and the German public broadcaster NDR. That investigation found Chinese authorities installed the malware onto the phones of tourists who crossed a certain point of the countrys border into the Xinjiang region. China continues to subject the local Uighur Muslim population in Xinjiang to extreme forms of surveillance, as well as forcing them into so-called re-education camps.
As part of that collaboration, Motherboard published the BXAQ app onto GitHub. In response, several antivirus firms, including Avast, McAfee, Check Point, Symantec, and Malwarebytes started to explicitly flag the app as malware.

But Chinese companies and products such as Baidu, Qihoo, Jiangmin, Rising, and Tencent still arent flagging the malware, according to results from VirusTotal, a Google-owned malware search engine.

Do you know any other cases of government malware? Wed love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

Anyone is free to upload a file to VirusTotal to scan. VirusTotal will then process the file through various antivirus products, and then display whether they detect the file as malicious, and under what name it flags the file. The system isnt perfect, but can generally provide a good indication of a piece of malwares coverage across the industry.

Where a cybersecurity company is located can impact its products or research the company produces. In 2014, the head of Dutch security company Fox IT, told Mashable that his company and others did not publish details of a GCHQ hack in order not to “interfere with NSA/GCHQ operations.” Kevin Mandia, CEO of FireEye, previously told Cyberscoop that it will tip-off intelligence officials from the Five Eyes alliance, made up of the U.S., U.K., Australia, New Zealand, and Canada before publishing a public report on their malware. The companys products do still remove Five Eyes malware though, he said.
None of the companies contacted by Motherboard provided a statement.

Lorenzo Franceschi-Bicchierai contributed to this article.

Subscribe to our new cybersecurity podcast, CYBER.