Governments identify dozens of Android apps bundled with spyware

CodeCanyon · May 3

A coalition of governments has published a list of legitimate-looking Android apps that were actually spyware and were used to target civil society that may oppose China’s state interests.

On Tuesday, the U.K.’s National Cyber Security Centre, or NCSC, which is part of intelligence agency GCHQ, along with government agencies from Australia, Canada, Germany, New Zealand, and the United States, published separate advisories on two families of spyware, known as BadBazaar and Moonshine.

These two spywares hid inside legitimate-looking Android apps, acting essentially as “Trojan” malware, with surveillance capabilities such as the ability to access the phone’s cameras, microphone, chats, photos, and location data, the NCSC wrote in a press release on Wednesday.

BadBazaar and Moonshine, which have been previously analyzed by cybersecurity firms like Lookout, Trend Micro, and Volexity, as well as the digital rights nonprofit Citizen Lab, were used to target Uyghurs, Tibetans, and Taiwanese communities, as well as civil society groups, according to the NCSC.

Uyghurs are a Muslim-minority group largely in China that has for years faced detention, surveillance, and discrimination from the Chinese government, and thus has frequently been the target of hacking campaigns.

“The apps specifically target individuals internationally who are connected to topics that are considered by the Chinese state to pose a threat to its stability, with some designed to appeal directly to victims or imitate popular apps,” the NCSC said Wednesday. “The individuals most at risk include anyone connected to Taiwanese independence; Tibetan rights; Uyghur Muslims and other ethnic minorities in or from China’s Xinjiang Uyghur Autonomous Region; democracy advocacy, including Hong Kong, and the Falun Gong spiritual movement.”

In one of the two documents published by the NCSC on Wednesday, there is a list of the malicious apps, which includes more than 100 Android apps masquerading as Muslim and Buddhist prayer apps; chat apps like Signal, Telegram, and WhatsApp; other popular apps like Adobe Acrobat PDF reader; and utility apps.

Techcrunch event