Western intelligence agencies released a joint advisory detailing two spyware tools that are disguised as mobile phone applications and intended to surveil Taiwanese independence activists, Tibetan rights advocates, and civil society groups and individuals whose activities are seen as opposing China's state interests.
The advisory was issued by the UK’s National Cyber Security Centre (NCSC) in collaboration with government agencies from Australia, Canada, Germany, New Zealand, and the United States. It focuses on two spyware families, dubbed ‘BadBazaar’ and ‘Moonshine’, which masquerade as seemingly legitimate apps to infiltrate their targets' mobile devices.
According to the NCSC, the malicious apps were designed to work as ‘trojan’ malware, giving attackers access to users' cameras and microphones and to sensitive information including private chats, photos, location data, and more.
The spyware campaigns primarily targeted Uyghur, Tibetan, and Taiwanese communities, as well as democracy advocates and other civil society groups. Uyghurs, a Muslim-minority group predominantly based in China, have faced years of government-led persecution, including arbitrary detentions, surveillance, and discrimination.
Among the more than 100 malicious apps listed in the advisory are a variety of apps masquerading as Muslim and Buddhist prayer tools, as well as widely used chat applications like Signal, Telegram, and WhatsApp. Other popular apps, such as Adobe Acrobat PDF Reader and various utility apps, were also compromised in this operation. In addition, one iOS app, TibetOne, was identified as malicious and had been available on the Apple App Store in 2021 before it was removed.