Two spyware variants are targeting Uyghur, Taiwanese and Tibetan groups and individuals, the U.K.’s National Cyber Security Centre warned in a joint alert (opens pdf) Wednesday with Western allies.
[...]
Cybersecurity researchers have previously linked the BADBAZAAR and MOONSHINE spyware to the Chinese government. The variants mentioned in Wednesday’s alert trojanize apps that are of interest to the target communities, such as a Uyghur language Quran app, and have appeared in official app stores.
“BADBAZAAR and MOONSHINE collect data which would almost certainly be of value to the Chinese state,” the alert reads. Agencies in Australia, Canada, Germany, New Zealand and the United States, namely the FBI and National Security Agency, collaborated on it.
Groups most at risk include those focused on Taiwanese independence, Tibetan rights, Uyghur Muslims, democracy advocacy and Falun Gong, according to the alert. The espionage tools can access and download information like location data or messages and photos, and can access microphones and cameras on a phone.
BADBAZAAR is mobile malware with both iOS and Android variants, while MOONSHINE is Android-only. MOONSHINE has been shared through Telegram channels and links sent via WhatsApp.
[...]
Beyond official app stores, BADBAZAAR also spreads through social media platforms. It’s been drawing its own attention from cybersecurity researchers since at least 2022 when Lookout identified it.