A coalition of governments has published a list of legitimate-looking Android apps that were actually spyware, and used to target civil society that may oppose China’s state interests.
On Tuesday, the U.K.’s National Cyber Security Centre, or NCSC, which is part of intelligence agency GCHQ, along with government agencies from Australia, Canada, Germany, New Zealand, and the United States, published separate advisories on two families of spyware, known as BadBazaar and Moonshine.
These two spywares hid inside legitimate-looking Android apps, acting essentially as “trojan” malware, with surveillance capabilities such as the ability to access the phone’s cameras, microphone, chats, photos, and location data, the NCSC wrote in a press release out Wednesday.
BadBazaar and Moonshine, which have been previously analyzed by cybersecurity firms like Lookout, Trend Micro, and Volexity, as well as the digital rights nonprofit Citizen Lab, were used to target Uyghurs, Tibetans, and Taiwanese communities, as well as civil society groups, according to the NCSC.
Uyghurs are a Muslim-minority group largely in China that has for years faced detention, surveillance, and discrimination from the Chinese government, and thus has frequently been the target of hacking campaigns.
“The apps specifically target individuals internationally who are connected to topics that are considered by the Chinese state to pose a threat to its stability, with some designed to appeal directly to victims or imitate popular apps,” the NCSC said Wednesday. “The individuals most at risk include anyone connected to: Taiwanese independence; Tibetan rights; Uyghur Muslims and other ethnic minorities in or from China’s Xinjiang Uyghur Autonomous Region; democracy advocacy, including Hong Kong, and the Falun Gong spiritual movement.”
In one of the two documents published by the NCSC on Wednesday, there is a list of the malicious apps, which includes more than 100 Android apps masquerading as Muslim and Buddhist prayer apps, chat apps like Signal, Telegram, and WhatsApp, and other popular apps like Adobe Acrobat PDF reader, as well as utility apps.
The NCSC also mentions one iOS app called TibetOne, which was listed on Apple’s App Store in 2021.
Google and Apple did not immediately respond to a request for comment.
#Governments #identify #dozens #Android #apps #bundled #spyware