“I found myself under surveillance as I received random messages and links from numbers either associated from China or registered in Tibet,” Dalha told ET in a phone interview. “The malware received were mostly in WhatsApp and the Chinese social messaging app WeChat,” he added.
Dalha told ET that WhatsApp had not reached out to him or other Tibetan activists who were victims of the malware.
Since attackers quickly change their methods, which are often designed to target a large number of victims at once, researchers like him follow simple techniques to ward off these attacks, such as not clicking on unknown links and reporting them to tech experts, Dalha said. Dalha said he got to know of the breach through Citizen Lab, the research organisation under the University of Toronto. WhatsApp itself had alerted some other activists last year about the Pegasus malware, allegedly developed by Israel-based NSO Group.
As reports emerged last week that WhatsApp had sued the firm, accusing it of hacking nearly 1,400 users including several journalists, activists and diplomats (also in India), conversations with a few Tibetan activists revealed that WhatsApp had been exposed to snooping by surveillance companies based out of China.
Citizen Lab published a report in September saying senior members of Tibetan groups had received malicious links in individually tailored WhatsApp text exchanges between November 2018 and May 2019, with operators posing as workers of non-governmental organisations and journalists, and using other fake identities.
The links led to code designed to exploit web browser vulnerabilities to install spyware on Apple iOS and Android devices. The campaign, which Citizen Lab termed POISON CARP, is believed to have been carried out by a single operator.