The government coalition has published a list of legitimately-looking Android apps that are actually spyware, and is used to target civil society that may oppose the interests of the Chinese state.
On Tuesday, the NCSC, part of the UK's National Cybersecurity Centre, or Intelligence Reporting Agency GCHQ, released separate recommendations on two families of spyware, known as Badbazaar and Moonshine, along with government agencies in Australia, Canada, Germany, New Zealand and the US.
These two spyware are hidden within legitimately-looking Android apps, essentially act as “Trojan horse” malware and have surveillance features such as the ability to access mobile phone cameras, microphones, chats, photos, and location data.
Badbazaar and Moonshine, previously analyzed by cybersecurity companies such as Lookout, Trend Micro, Hobexity and Digital Rights Nonprofit Citizen Lab, and the Institute for Digital Rights Nonprofit Citizens, have been analyzed by the Institute for Digital Rights, among others.
Uyghurs is a primarily Chinese Muslim minority group, which has faced detention, surveillance and discrimination from the Chinese government for many years and is therefore often the target of hacking campaigns.
“The app is targeting individuals internationally who are connected to topics that the Chinese state is thought to threaten its stability. Some people are designed to appeal directly to victims or mimic popular apps,” the NCSC said Wednesday. “The most at-risk individuals include Taiwan's independence, Tibetan rights, Uyghur Muslims and other ethnic minorities in the New Jiang Jiang Autonomous Region of China, as well as the advocacy of democracy, including Hong Kong and the Falun Gong psychic movement.”
One of the two documents issued by NCSC on Wednesday includes over 100 Android apps pose as Muslim and Buddhist prayer apps, chat apps such as Signal, Telegram and WhatsApp, and more than 100 Android apps, including popular apps such as Adobe Acrobat PDF Reader and utility apps.
NCSC also mentions one iOS app called Tibeton, which was listed in Apple's App Store in 2021.
Google and Apple did not respond immediately to requests for comment.