- Malicious apps are disguised to collect data to China
- Uighur, Tibetan and Taiwanese communities are targeted
- Apps look like religious and cultural applications
UKS National Cyber Security Center, along with countrymen in Australia, Canada, Germany, New Zealand and the US, warns apps filled with spyware to target Uighur, Tibetan and Taiwanese communities.
Spyware called Badbazaar and Moonshine is probably used to collect information “on use for China” about individuals who could pose a threat to China’s security.
Many of the apps loaded with spyware are designed to mimic religious or cultural applications.
Collection of location, audio and photo data
The apps in question include “Audio Quran”, a religious app used to target Uighur communities, and “Tibetone”, which at first glance appears to be an application used to share photos, videos, music and articles celebrating Tibetan culture.
There have been attempts to share the applications through legitimate channels like the Google Play Store, but these attempts have been largely successful thanks to the security checks found in the Play Store.
As a result, apps were instead shared on forums visited by the target communities, and trusted users who installed apps through .APK files.
As per the NCSC report [PDF]Apps are not only used to target individuals, but are also used to monitor civil society groups to track their activities.
Badbazaar and Moonshine Spyware would be able to access real -time location and GPS data, live audio and video recording, stored on the device, SMS and call logs and device information, as well as being able to play audio through the device.
The joint statement says, “Although Badbazaar and Moonshine have been observed targeted at Uighur, Tibetan and Taiwanese individuals, there are other malware targeting other minority groups in China. Co-sealers from co-sealing countries, in China and abroad, which are perceived as supporting causes that threaten regime stability Badbazaar and Moonshine. ” “
“The ability to capture location, audio and photo data almost certainly provides the opportunity to inform future monitoring and harassment operations by providing real-time information about the target’s activity.”
