{"id":5923,"date":"2025-04-09T15:26:09","date_gmt":"2025-04-09T15:26:09","guid":{"rendered":"https:\/\/www.europesays.com\/uk\/5923\/"},"modified":"2025-04-09T15:26:09","modified_gmt":"2025-04-09T15:26:09","slug":"governments-identify-dozens-of-android-apps-bundled-with-spyware","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/uk\/5923\/","title":{"rendered":"Governments identify dozens of Android apps bundled with spyware"},"content":{"rendered":"<p id=\"speakable-summary\" class=\"wp-block-paragraph\">A coalition of governments has published a list of legitimate-looking Android apps that were actually spyware, and used to target civil society that may oppose China\u2019s state interests.<\/p>\n<p class=\"wp-block-paragraph\">On Tuesday, the U.K.\u2019s National Cyber Security Centre, or NCSC, which is part of intelligence agency GCHQ, along with government agencies from Australia, Canada, Germany, New Zealand, and the United States, published <a rel=\"nofollow noopener\" href=\"https:\/\/www.ncsc.gov.uk\/news\/advisory-badbazaar-moonshine\" target=\"_blank\">separate<\/a> <a rel=\"nofollow noopener\" href=\"https:\/\/www.ncsc.gov.uk\/news\/advisory-badbazaar-moonshine-technical-analysis-mitigations\" target=\"_blank\">advisories<\/a> on two families of spyware, known as BadBazaar and Moonshine.<\/p>\n<p class=\"wp-block-paragraph\">These two spywares hid inside legitimate-looking Android apps, acting essentially as \u201ctrojan\u201d malware, with surveillance capabilities such as the ability to access the phone\u2019s cameras, microphone, chats, photos, and location data, the NCSC wrote in a press release out Wednesday.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">BadBazaar and Moonshine, which have been previously analyzed by cybersecurity firms like <a rel=\"nofollow noopener\" href=\"https:\/\/www.lookout.com\/threat-intelligence\/article\/badbazaar-surveillanceware-apt15\" target=\"_blank\">Lookout<\/a>, <a rel=\"nofollow noopener\" href=\"https:\/\/www.trendmicro.com\/en_gb\/research\/24\/l\/earth-minotaur.html\" target=\"_blank\">Trend Micro<\/a>, and <a rel=\"nofollow noopener\" href=\"https:\/\/www.volexity.com\/blog\/2023\/09\/22\/evilbamboo-targets-mobile-devices-in-multi-year-campaign\/\" target=\"_blank\">Volexity<\/a>, as well as the digital rights nonprofit <a rel=\"nofollow noopener\" href=\"https:\/\/citizenlab.ca\/2019\/09\/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits\/\" target=\"_blank\">Citizen Lab<\/a>, were used to target Uyghurs, Tibetans, and Taiwanese communities, as well as civil society groups, according to the NCSC.<strong>\u00a0<\/strong><\/p>\n<p class=\"wp-block-paragraph\">Uyghurs are a Muslim-minority group largely in China that has for years <a href=\"https:\/\/techcrunch.com\/2022\/04\/13\/xinjiang-prisoner-hikvision-china\/\" target=\"_blank\" rel=\"noopener\">faced detention<\/a>, surveillance, and discrimination from the Chinese government, and thus has frequently <a href=\"https:\/\/techcrunch.com\/2019\/09\/24\/tibetans-iphone-android-hacks-uyghurs\/\" target=\"_blank\" rel=\"noopener\">been<\/a> the <a href=\"https:\/\/techcrunch.com\/2021\/03\/24\/facebook-earth-empusa-evil-eye-china-uyghur\/\" target=\"_blank\" rel=\"noopener\">target<\/a> of <a href=\"https:\/\/techcrunch.com\/2021\/09\/02\/fbi-china-hacking-uyghurs\/\" target=\"_blank\" rel=\"noopener\">hacking<\/a> <a href=\"https:\/\/techcrunch.com\/2019\/08\/31\/china-google-iphone-uyghur\/\" target=\"_blank\" rel=\"noopener\">campaigns<\/a>.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cThe apps specifically target individuals internationally who are connected to topics that are considered by the Chinese state to pose a threat to its stability, with some designed to appeal directly to victims or imitate popular apps,\u201d the NCSC said Wednesday. \u201cThe individuals most at risk include anyone connected to: Taiwanese independence; Tibetan rights; Uyghur Muslims and other ethnic minorities in or from China\u2019s Xinjiang Uyghur Autonomous Region; democracy advocacy, including Hong Kong, and the Falun Gong spiritual movement.\u201d<\/p>\n<p class=\"wp-block-paragraph\">In one of the two documents published by the NCSC on Wednesday, there is a list of the malicious apps, which includes more than 100 Android apps masquerading as Muslim and Buddhist prayer apps, chat apps like Signal, Telegram, and WhatsApp, and other popular apps like Adobe Acrobat PDF reader, as well as utility apps.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The NCSC also mentions one iOS app called TibetOne, which was listed on Apple\u2019s App Store in 2021.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Google and Apple did not immediately respond to a request for comment.<\/p>\n","protected":false},"excerpt":{"rendered":"A coalition of governments has published a list of legitimate-looking Android apps that were actually spyware, and used&hellip;\n","protected":false},"author":2,"featured_media":5924,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3159],"tags":[2061,1662,1395,3203,867,547,3204,3205,53,3206,16,15,3207],"class_list":{"0":"post-5923","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-mobile","8":"tag-android","9":"tag-apple","10":"tag-china","11":"tag-gchq","12":"tag-google","13":"tag-mobile","14":"tag-ncsc","15":"tag-spyware","16":"tag-technology","17":"tag-tibet","18":"tag-uk","19":"tag-united-kingdom","20":"tag-uyghurs"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@uk\/114308709420192345","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/5923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/comments?post=5923"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/5923\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media\/5924"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media?parent=5923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/categories?post=5923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/tags?post=5923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}