Intelligence agencies warn of Chinese spyware targeting Taiwan, Tibetan rights advocates

Western intelligence agencies released a joint advisory detailing two spyware tools disguised as mobile phone applications and intended to surveil Taiwanese independence activists, Tibetan rights advocates, and civil society groups and individuals whose activities are seen as opposing China's state interests.

The advisory was issued by the UK’s National Cyber Security Centre (NCSC) in collaboration with government agencies from Australia, Canada, Germany, New Zealand, and the United States. It focuses on two spyware families, dubbed ‘BadBazaar’ and ‘Moonshine’, which masquerade as seemingly legitimate apps to infiltrate their targets' mobile devices.

According to the NCSC, the malicious apps were designed to work as ‘trojan’ malware, which allowed attackers to access sensitive information, including users' camera and microphone, private chats, photos, location data, and more.

The spyware campaigns primarily targeted Uyghur, Tibetan, and Taiwanese communities, as well as democracy advocates and other civil society groups. Uyghurs, a Muslim-minority group predominantly based in China, have faced years of government-led persecution, including arbitrary detentions, surveillance, and discrimination.

Among the more than 100 malicious apps listed in the advisory are a variety of apps masquerading as Muslim and Buddhist prayer tools, as well as widely used chat applications like Signal, Telegram, and WhatsApp. Other popular apps, such as Adobe Acrobat PDF Reader and various utility apps, were also compromised in this operation. In addition, one iOS app, TibetOne, was identified as malicious and had been available on the Apple App Store in 2021 before it was removed.

