A coalition of governments has published a list of legitimate-looking Android apps that were actually spyware used to target civil society groups that may oppose China’s state interests.
On Tuesday, the U.K.’s National Cyber Security Centre (NCSC), part of intelligence agency GCHQ, along with government agencies from Australia, Canada, Germany, New Zealand, and the United States, published separate advisories on two families of spyware, known as BadBazaar and Moonshine.
These two spywares hid inside legitimate-looking Android apps, acting essentially as “Trojan” malware, with surveillance capabilities such as accessing the phone’s cameras, microphone, chats, photos, and location data, the NCSC wrote in a press release on Wednesday.
BadBazaar and Moonshine, previously analyzed by cybersecurity firms like Lookout, Trend Micro, and Volexity, as well as the digital rights nonprofit Citizen Lab, were used to target Uyghurs, Tibetans, and Taiwanese communities, as well as civil society groups, according to the NCSC. Uyghurs are a Muslim-minority group largely in China that has faced detention, surveillance, and discrimination from the Chinese government, making them frequent targets of hacking campaigns.
The apps specifically target individuals internationally connected to topics considered by the Chinese state to pose a threat to its stability, with some designed to appeal directly to victims or imitate popular apps. The individuals most at risk include those connected to Taiwanese independence, Tibetan rights, Uyghur Muslims, and other ethnic minorities in or from China’s Xinjiang Uyghur Autonomous Region, democracy advocacy (including Hong Kong), and the Falun Gong spiritual movement.
In one of the documents published by the NCSC on Wednesday, there is a list of malicious apps, including over 100 Android apps masquerading as Muslim and Buddhist prayer apps, chat apps like Signal, Telegram, and WhatsApp, other popular apps like Adobe Acrobat PDF reader, and utility apps.
The NCSC also identified one iOS app called TibetOne, listed on Apple’s App Store in 2021. Google and Apple did not immediately respond to a request for comment.
