Spyware Android Apps: Governments Issue Warnings

April 9, 2025

Spyware Targeting Dissidents Disguised as Legitimate Apps

A collaborative effort by multiple governments has revealed a collection of seemingly harmless Android applications that were, in reality, sophisticated spyware. These applications were employed to monitor individuals and groups potentially critical of China’s governmental policies.

International Cybersecurity Advisory

On Tuesday, the National Cyber Security Centre (NCSC) of the U.K., an agency within GCHQ, joined with cybersecurity authorities from Australia, Canada, Germany, New Zealand, and the United States. They released individual advisories detailing two distinct families of spyware: BadBazaar and Moonshine.

These malicious programs were concealed within authentic-looking Android apps, functioning as “Trojan” malware. They possessed extensive surveillance capabilities.

Capabilities of the Spyware

The spyware was capable of accessing sensitive data on compromised devices. This included the phone’s camera, microphone, private conversations, stored photos, and precise location information, as outlined in the NCSC’s Wednesday press release.

Prior analysis of BadBazaar and Moonshine has been conducted by leading cybersecurity companies such as Lookout, Trend Micro, and Volexity. The digital rights organization Citizen Lab has also contributed to understanding these threats.

Targeted Communities

The NCSC reports that these spyware campaigns specifically targeted Uyghurs, Tibetans, and Taiwanese communities. Civil society organizations were also identified as targets.

Uyghurs, a predominantly Muslim ethnic group residing largely in China, have consistently experienced detention, surveillance, and discriminatory practices at the hands of the Chinese government. Consequently, they have frequently been the focus of hacking attempts.

Motivations and Risk Factors

The applications were designed to appeal to potential victims or mimic popular applications. This strategy was employed to target individuals internationally who are associated with issues perceived as threats to China’s stability, according to the NCSC.

Those at greatest risk include individuals involved with Taiwanese independence movements, advocates for Tibetan rights, Uyghur Muslims and other ethnic minorities within the Xinjiang Uyghur Autonomous Region, proponents of democracy – including those in Hong Kong – and followers of the Falun Gong spiritual practice.

List of Malicious Applications

The NCSC published documentation on Wednesday listing over 100 malicious Android applications. These apps disguised themselves as legitimate programs, including:

  • Muslim and Buddhist prayer applications
  • Messaging apps like Signal, Telegram, and WhatsApp
  • Commonly used applications such as Adobe Acrobat PDF reader
  • Various utility applications

Additionally, the NCSC identified one iOS application, TibetOne, which was available on Apple’s App Store in 2021.

Responses from Tech Companies

Google and Apple were both asked for comment, but neither company responded immediately.
