Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track victims' whereabouts.
The campaigns involve a previously undocumented malware strain called BadBazaar and updated variants of an espionage artefact dubbed MOONSHINE by researchers from the University of Toronto’s Citizen Lab in September 2019.
“Mobile surveillance tools like BadBazaar and MOONSHINE can be used to track many of the ‘pre-criminal’ activities, actions considered indicative of religious extremism or separatism by the authorities in Xinjiang,” Lookout said in a detailed write-up of the operations.
The BadBazaar campaign, according to the security firm, dates as far back as late 2018 and comprises 111 unique apps that masquerade as benign video players, messengers, religious apps, and even TikTok.
While these samples were distributed through Uyghur-language social media platforms and communication channels, Lookout noted it found a dictionary app named “Uyghur Lughat” on the Apple App Store that communicates with a server used by its Android counterpart to gather basic iPhone information.
The iOS app continues to be available on the App Store.