Weaponized Words: Uyghur Language Software Hijacked to Deliver Malware

SUMMARY :

This analysis details a spearphishing campaign targeting senior members of the World Uyghur Congress (WUC) in March 2025. The attackers used a trojanized version of a legitimate Uyghur language text editor to deliver Windows-based malware for remote surveillance. While not technically advanced, the malware delivery was well-customized to reach the Uyghur community. This incident is part of a broader pattern of digital transnational repression against Uyghur diaspora by actors likely aligned with the Chinese government. The malware profiled systems, sent information to remote servers, and could load additional malicious plugins. The campaign demonstrates the ongoing digital threats facing exiled Uyghur communities and the exploitation of software meant to support marginalized cultures.

OPENCTI LABELS :

spearphishing,trojanized software,gheyretdetector backdoor,remote surveillance,uyghureditpp trojan,digital transnational repression,uyghur,diaspora targeting,world uyghur congress


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Weaponized Words: Uyghur Language Software Hijacked to Deliver Malware