- They are disguising malicious applications to collect data for China
- Uight, Tibetan and Taiwanese communities are being attacked
- Applications look like religious and cultural applications.
The National Cyber Security Center of the UKS, together with the compatriots in Australia, Canada, Germany, New Zealand and the USA.
Spyware, called Badbazaar and Moonshine, is probably being used to collect “use” information about people who could represent a threat to China’s security.
Many of Spyware applications are designed to imitate religious or cultural applications.
Collection of location, audio and photos
The applications in question include “Coran Audio”, a religious application used to aim at the Uigures communities, and “Tibetone” that at first glance seems to be an application used to share images, videos, music and articles that celebrate the Tibetan culture.
There have been attempts to share applications through legitimate channels such as Google Play Store, but these attempts have not been successful thanks to the security controls established in Play Store.
As a result, applications were shared in forums frequented by destination communities and were based on users who install applications through .apk files.
According to the NCSC report [PDF]Applications are not used only to attack people, but are also being used to monitor civil society groups to track their activities.
Badbazaar and Moonshine Spyware could access the location in real time and GPS data, audio capture and live videos, files stored on the device, SMS and call records and device information, in addition to being able to reproduce audio through the device.
The joint statement says: “Although it has been observed that Badbazaar and Moonshine direct the people, tibetan and Taiwanese, there is another malware that are directed to other minority groups in China. Citizens of the nations of coating, in China and abroad, which can support causes that threaten the regime regime, are almost surely threatened with mobile malware as evil like the malwer of malware and the moon. ” “
“The ability to capture location, audio and photos data almost surely provides the opportunity to inform future surveillance and harassment operations by providing real -time information about the objective of the objective.”
