
SilkBean

Posted: July 7, 2020

SilkBean is an Android malware family that was first discovered in 2016. The code of the threatening spyware was found in fake Android applications that were hosted on third-party websites and application stores and promoted via online advertisements, text messages, and social media. The threatening applications containing SilkBean's code appeared to use fake names and descriptions that presented them as useful applications for the Uyghur community in China, which is likely the primary group that the SilkBean malware targets.

SilkBean often masqueraded as a Uyghur keyboard application, a news application, a video player, or a TV viewing utility. Once planted on a device, the SilkBean malware would disguise itself as a legitimate Android service by using common names such as 'com.google.play', a name that users would not suspect of being involved in harmful activity.
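A defender can check a device for this kind of name masquerading. The following is an added example, not code from the original article or from any SilkBean analysis: it parses the output of `adb shell pm list packages -i -3` (user-installed packages with their installer) and flags packages that borrow a Google or Android namespace without having been installed by the Play Store. It assumes the disguise is visible as a package name; apart from 'com.google.play', the sample listing and the other package names are constructed.

```python
import re

# Namespaces that a sideloaded implant may borrow to look like a platform component.
PLATFORM_PREFIXES = ("com.google.", "com.android.")
# Package name of the Google Play Store, recorded as installer for Play installs.
PLAY_STORE = "com.android.vending"

# One line of `pm list packages -i`: "package:<name>  installer=<installer|null>"
LINE_RE = re.compile(r"^package:(?P<name>\S+)\s+installer=(?P<installer>\S+)$")


def parse_packages(listing):
    """Yield (package, installer) pairs; installer is None when sideloaded."""
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            installer = m.group("installer")
            yield m.group("name"), (None if installer == "null" else installer)


def suspicious_packages(listing):
    """Return user-installed packages that use a platform namespace
    but did not come from the Play Store (heuristic, needs manual review)."""
    return [
        (name, installer)
        for name, installer in parse_packages(listing)
        if name.startswith(PLATFORM_PREFIXES) and installer != PLAY_STORE
    ]


# Constructed sample of `adb shell pm list packages -i -3` output.
SAMPLE = """\
package:com.google.play  installer=null
package:com.google.android.apps.maps  installer=com.android.vending
package:org.example.keyboard  installer=null
package:com.android.settings.helper  installer=com.unknown.store
"""

if __name__ == "__main__":
    for name, installer in suspicious_packages(SAMPLE):
        print(f"review: {name} (installer={installer or 'none/sideloaded'})")
```

A hit is only a lead: confirm it by checking the package's signing certificate and requested permissions before treating it as malicious.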

The SilkBean Malware Can Execute over 70 Unique Commands on Infected Devices

The SilkBean Android implant is very rich in terms of functionality, and malware researchers were able to identify over 70 unique commands that the malware could execute. These would enable the attacker to access all sorts of content and features of the infected device – files, sensors, contacts, text messages, settings, and more.

Although most of the fake applications targeted the Uyghur community, some of the fake utilities featured other languages as well – Pashto, Arabic, Chinese, Uzbek, Turkish, Urdu, Hindi and Indonesian.

Closer analysis of SilkBean's code revealed the use of many Chinese phrases and words, which suggests that the developers of the malware are fluent in Chinese. On top of this, the SilkBean implant shared many similarities with well-known Chinese Android malware samples, which is another strong connection pointing to the attackers' potential origin.

Judging by the languages and applications used by the SilkBean malware, it is clear that the targets of this campaign are Muslims and, more specifically, those in the Chinese Uyghur community.
