5 ways to avoid spyware disguised as legit apps – before it's too late

Several government security agencies worldwide are warning people about spyware that’s been snooping on mobile phone users’ private data.

An advisory from the various agencies issued on Wednesday reveals that the spyware variants have been targeting users connected to Taiwanese independence and similar movements. Known as Badbazaar and Moonshine, the two spyware strains have been spoofing legitimate apps in an attempt to trick unsuspecting victims.

The advisory comes from a host of agencies, including the Australian Cyber Security Centre (part of the Australian Signals Directorate), the Canadian Centre for Cyber Security (part of the Communications Security Establishment), the German Federal Intelligence Service, the German Federal Office for the Protection of the Constitution, the New Zealand National Cyber Security Centre (part of the Government Communications Security Bureau), and the FBI and NSA in the US.

The agencies said that the spyware specifically targets individuals connected to areas the Chinese government considers a threat to its authority, ambitions, and reputation. People most at risk include anyone associated with Taiwanese independence, Tibetan rights, Uyghur Muslims and other ethnic minorities from China’s Xinjiang Uyghur Autonomous Region, democracy advocates in Hong Kong and elsewhere, and the Falun Gong spiritual movement.

Though aimed at non-governmental organizations (NGOs), journalists, businesses, and individuals who advocate for or represent the targeted groups, the spyware spreads randomly. That means it could expand beyond the targeted victims to other mobile phone users worldwide.

Like any type of spyware, Badbazaar and Moonshine attempt to compromise a mobile device to steal confidential or sensitive information. These particular variants aim to access location data with real-time tracking, the microphone and camera, photos and other files saved on the phone, and device information.

The cybercriminals behind this attack try to make the spyware appear legitimate by uploading it to official app stores like Google Play and Apple’s App Store or by adding malicious code to otherwise benign apps.

In campaigns observed over the past couple of years, Badbazaar and Moonshine spyware spoofed apps such as Adobe Acrobat, Signal, Skype, SwiftKey keyboard, Telegram, and WhatsApp. They’ve also impersonated apps that would interest the intended victims, including Buddhist Songs, an English-to-Uyghur dictionary, Singing Bowl Sounds, Tibetan Prayer, and a Uyghur Keyboard.

Though these spyware strains target specific groups, malicious apps can pose a threat to anyone. The advisory offers several recommendations on how to protect yourself.

  1. Download apps only from official app stores. To be on the safe side, limit your downloads to Google Play or Apple’s App Store. Yes, apps from official stores can still be malicious. But those from unofficial stores offer no protection or security at all. Check out the NCSC’s threat report on app stores to learn more.
  2. Keep your device and apps up to date. Download and install the latest security updates for your mobile device. Consider enabling automatic updates to grab them as soon as they’re available. For more tips, review the NCSC’s top tips for staying secure online.
  3. Don’t jailbreak or root your device. Tempting though it may be, jailbreaking your iPhone or rooting your Android phone bypasses the built-in security defenses, leaving the device more vulnerable to malware and compromise.
  4. Review your apps and their permissions. Restrict or remove any permissions that aren’t necessary for a particular app, especially ones that involve the camera or microphone. Here’s how to do that on an iPhone and an Android device.
  5. Use Google Play Protect. If you download Android apps from Google Play, ensure Google Play Protect is turned on. By enabling the setting for “Improve harmful app detection,” you can send an unknown or suspicious app to Google for analysis. For help, check out Google’s support page on how to keep your apps safe and your data private.
