20.5k unique visitors in the last 3 days

Security Agencies Warn of Phone Spyware in Apps for Uyghurs, Tibetans and Taiwanese

The goal appears to be surveillance of potential opponents of the Chinese Communist Party.

National security agencies in Australia, Canada, Germany, New Zealand, the UK and the USA have jointly issued an advisory about the increasing prevalence of two kinds of spyware within apps that target communities of Uyghurs, Tibetans and Taiwanese. All three groups have endured oppression, invasion or threats of invasion from mainland China’s communist government.

The spyware comes within seemingly legitimate apps aimed at these specific communities, such as audio versions of the Quran in the Uyghur language and an app for a website that promoted Tibetan culture. These apps have been made available via official app stores. The authorities also cite numerous examples of the spyware being found in clones of apps with more widespread appeal, including:

  • Adobe Acrobat;
  • Skype;
  • Telegram;
  • the Truecaller app for blocking spam robocalls;
  • a VPN provider; and
  • Whatsapp.

Two kinds of spyware have been identified, named Moonshine and Badbazaar. Moonshine is Android spyware while Badbazaar has both iOS and Android variants.

The spyware is designed to hide malicious functions inside otherwise legitimate apps using a technique called ‘trojanizing’. These apps are able to perform real-time location tracking, and they can also access the phone’s microphone, camera and message library without the user’s knowledge.

Paul Chichester of the UK’s National Cyber Security Centre (NCSC) said:

We are seeing a rise in digital threats designed to silence, monitor, and intimidate communities across borders, and the use of these two forms of spyware is clearly unacceptable.

It is hardly news that governments use apps to monitor the movements of individuals who resist their authority. Nevertheless, the number of websites dedicated to spreading these surveillance apps and the appearance of these apps in legitimate app stores shows how everybody is at risk. A government that targets one particular race, religious or language community today may use the same techniques to oppress other groups in future.

The NCSC version of the technical analysis for Badbazaar and Moonshine is here. Their recommendations for how Uyghurs, Tibetans and Taiwanese can protect themselves from spyware is here. Their news release is here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email