SilkBean

SilkBean Description

SilkBean is a threat designed to target Android devices exclusively. It was first spotted in 2016, when security experts found the SilkBean malware in the code of bogus Android applications hosted on a third-party Web page. The fake Android applications were promoted via bogus social media posts, corrupted online advertisements and fraudulent text messages. The applications in question targeted the Chinese Uyghur community by posing as helpful tools that would improve their browsing quality.

According to researchers, the SilkBean malware was distributed via a bogus Uyghur TV player, a news application and a keyboard utility. When the SilkBean threat infiltrates the targeted device, it uses generic names like ‘com.google.play’ to pose as a genuine Android service. This reduces the chances of the user spotting the threat.
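The naming trick described above can be checked for on a device inventory. The following is an added example, not part of the original write-up: it flags packages that use a platform-style name but were installed outside the Play Store. It assumes input in the layout printed by `adb shell pm list packages -f -i`; the sample listing, the prefix list and the function name are constructed for illustration.

```python
import re

# Assumption: lines follow the `pm list packages -f -i` layout:
#   package:<apk path>=<package name>  installer=<installer package or null>
LINE = re.compile(
    r"^package:(?P<path>.+)=(?P<pkg>[^=\s]+)\s+installer=(?P<installer>\S+)$"
)

# Namespaces a masquerading app borrows to look like a platform component
# (heuristic choice for this example).
PLATFORM_PREFIXES = ("com.google.", "com.android.")
PLAY_STORE = "com.android.vending"  # package name of the Google Play Store client

# Constructed sample listing (not captured from a real device).
SAMPLE = """\
package:/system/priv-app/Phonesky/Phonesky.apk=com.android.vending  installer=null
package:/data/app/~~Qx1==/com.google.android.gms-Zk2==/base.apk=com.google.android.gms  installer=com.android.vending
package:/data/app/~~Ab3==/com.google.play-Cd4==/base.apk=com.google.play  installer=null
package:/data/app/~~Ef5==/org.example.player-Gh6==/base.apk=org.example.player  installer=null
"""


def flag_masquerading(listing):
    """Return packages that use a platform-style name but were sideloaded."""
    findings = []
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unexpected lines
        pkg, path, installer = m["pkg"], m["path"], m["installer"]
        platform_name = pkg.startswith(PLATFORM_PREFIXES)
        user_installed = path.startswith("/data/app/")  # not on a system partition
        from_play = installer == PLAY_STORE
        if platform_name and user_installed and not from_play:
            findings.append({"package": pkg, "path": path, "installer": installer})
    return findings


if __name__ == "__main__":
    for f in flag_masquerading(SAMPLE):
        print(f"review: {f['package']} installer={f['installer']} path={f['path']}")
```

This is a triage heuristic: a hit is a reason to inspect the APK's signing certificate and requested permissions, not proof of infection.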

The SilkBean malware is very feature-rich – cybersecurity experts have spotted more than 70 commands that this nasty threat can carry out. With the help of these commands, the SilkBean threat operators can access and control the device’s sensors, settings, etc. Furthermore, it allows the attackers to access the victim’s contacts list, text messages and other information.

After studying the SilkBean threat extensively, malware experts spotted certain Chinese phrases, which suggest that the native language of the developers of this malware is Chinese. The SilkBean malware also shares some similarities with other Android threats originating from China.

Cybersecurity analysts have found that the Chinese Uyghur community is not the only one targeted by the SilkBean malware. Some fake applications that carried the payload of the SilkBean malware also targeted users who speak Arabic, Uzbek, Urdu, Indonesian, Pashto, Chinese, Turkish and Hindi. It is clear that the authors of the SilkBean malware are targeting Muslims in the Chinese region.