Spyware combing for data 'of use to China' hidden inside religious and cultural apps

• Malicious apps are being disguised to gather data for China
• Uighur, Tibetan and Taiwanese communities are being targeted
• The apps look like religious and cultural applications

The UKs National Cyber Security Center, alongside compatriots in Australia, Canada, Germany, New Zealand and the US, are warning apps loaded with spyware are being used to target Uighur, Tibetan and Taiwanese communities.

The spyware, named BADBAZAAR and MOONSHINE, is likely being used to gather information “of use to China” on individuals who could pose a threat to China’s security.

Many of the apps loaded with spyware are designed to mimic religious or cultural applications.

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)

View Deal

Gathering location, audio and photo data

The apps in question include “Audio Quran”, a religious app used to target Uighur communities, and “TibetOne” which appears at first glance to be an application used to share images, videos, music, and articles celebrating Tibetan culture.

There have been attempts to share the applications through legitimate channels such as the Google Play Store, but these attempts have largely been unsuccessful thanks to the security controls in place on the Play Store.

As a result, the apps were instead shared on forums frequented by the target communities, and relied on users installing the apps through .apk files.

According to the NCSC report [PDF], the apps aren’t just being used to target individuals, but are also being used to monitor civil society groups to track their activities.

The BADBAZAAR and MOONSHINE spyware would be able to access real time location and gps data, live audio and video capture, files stored on the device, SMS and call logs, and device information, as well as being able to play audio through the device.

The joint statement says, “Although BADBAZAAR and MOONSHINE have been observed targeting Uighur, Tibetan and Taiwanese individuals, there are other malware that target other minority groups in China. Citizens from co-sealing nations, in China and abroad, who are perceived to be supporting causes that threaten regime stability are almost certainly under threat from mobile malware such as BADBAZAAR and MOONSHINE.”

“The capability to capture location, audio and photo data almost certainly provides the opportunity to inform future surveillance and harassment operations by providing real-time information on the target’s activity.”

You might also like

• Take a look at the best antivirus
• These are the best endpoint protection services
• TVT DVRs become prime target for Mirai botnet