CyberSecurity news
FlagThis
@NCSC News Feed
//
A coalition of governments, including the UK, US, Australia, Canada, Germany, and New Zealand, has issued an alert regarding the use of BADBAZAAR and MOONSHINE spyware. These sophisticated tools are being used to target civil society groups and ethnic minorities, specifically Uyghur, Taiwanese, and Tibetan communities. The spyware is embedded within seemingly legitimate Android applications, effectively acting as Trojan malware to gain unauthorized access to sensitive data. These malicious apps are designed to appear harmless, often mimicking popular apps or catering to specific interests of the targeted groups.
These spyware families are capable of accessing a wide range of information on infected devices, including location data, microphone and camera feeds, messages, photos, and other stored files. The UK's National Cyber Security Centre (NCSC) has stated that the targeted individuals are those connected to topics considered a threat to the Chinese state, such as Taiwanese independence, Tibetan rights, Uyghur Muslims, democracy advocacy, and the Falun Gong spiritual movement. The indiscriminate nature of the spyware's spread raises concerns that infections may extend beyond the intended targets, potentially affecting a broader range of users.
The advisory includes a list of over 100 malicious Android apps that have been identified as carrying the BADBAZAAR and MOONSHINE spyware. These apps often masquerade as Muslim and Buddhist prayer apps, chat applications like Signal, Telegram, and WhatsApp, or utility apps like Adobe Acrobat PDF reader. To mitigate the risk, individuals are urged to download apps only from official app stores, keep their devices and apps up to date, avoid rooting or jailbreaking their devices, and carefully review app permissions before installation. The NCSC and its partners continue to monitor the activities of these malicious cyber actors and provide guidance to help individuals protect themselves from these evolving threats.
ImgSrc: www.ncsc.gov.uk
References :
These spyware families are capable of accessing a wide range of information on infected devices, including location data, microphone and camera feeds, messages, photos, and other stored files. The UK's National Cyber Security Centre (NCSC) has stated that the targeted individuals are those connected to topics considered a threat to the Chinese state, such as Taiwanese independence, Tibetan rights, Uyghur Muslims, democracy advocacy, and the Falun Gong spiritual movement. The indiscriminate nature of the spyware's spread raises concerns that infections may extend beyond the intended targets, potentially affecting a broader range of users.
The advisory includes a list of over 100 malicious Android apps that have been identified as carrying the BADBAZAAR and MOONSHINE spyware. These apps often masquerade as Muslim and Buddhist prayer apps, chat applications like Signal, Telegram, and WhatsApp, or utility apps like Adobe Acrobat PDF reader. To mitigate the risk, individuals are urged to download apps only from official app stores, keep their devices and apps up to date, avoid rooting or jailbreaking their devices, and carefully review app permissions before installation. The NCSC and its partners continue to monitor the activities of these malicious cyber actors and provide guidance to help individuals protect themselves from these evolving threats.
ImgSrc: www.ncsc.gov.uk
Share:
References :
- thecyberexpress.com: Global Cybersecurity Agencies Warn of Spyware Targeting Uyghur, Tibetan, and Taiwanese Communities
- ComputerWeekly.com: NCSC issues warning over Chinese Moonshine and BadBazaar spyware
- NCSC News Feed: BADBAZAAR and MOONSHINE: Spyware targeting Uyghur, Taiwanese and Tibetan groups and civil society actors
- Danny Palmer: The NCSC has put out a warning on how malicious cyber actors are using two forms of spyware - dubbed MOONSHINE and BADBAZAAR - hiding in otherwise legit mobile apps to target individuals in Uyghur, Tibetan and Taiwanese communities as well as civil society groups.
- Zack Whittaker: A coalition of global governments have identified dozens of Android apps that are bundled with the prolific BadBazaar and Moonshine spyware strains, which they say are targeting civil society who oppose China's state interests.
- techcrunch.com: Governments identify dozens of Android apps bundled with spyware
- Threats | CyberScoop: BadBazaar and Moonshine malware targets Taiwanese, Tibetan and Uyghur groups, U.K. warns
- techcrunch.com: Governments warn of BadBazaar and Moonshine spyware, MSFT issued fixes for at least 121 flaws, Scattered Spider persists after arrests, UK probes suicide forum, Hackers abuse SourceForge to distribute malware, Dutch gov't to screen researchers and students for espionage risks, much more
- NCSC News Feed: The NCSC has put out a warning on how malicious cyber actors are using two forms of spyware - dubbed MOONSHINE and BADBAZAAR - hiding in otherwise legit mobile apps to target individuals in Uyghur, Tibetan and Taiwanese communities as well as civil society groups.
- securityonline.info: Spyware Alert: BADBAZAAR and MOONSHINE Target Civil Society and Ethnic Groups
- cyberscoop.com: BadBazaar and Moonshine malware targets Taiwanese, Tibetan and Uyghur groups, U.K. warns
- Tenable Blog: Tenable Blog on Mobile Spyware Attacks
- cyberinsider.com: CyberInsider article on Western intelligence agencies exposing Chinese spyware