Uyghurs in China and around the world have been targeted by two prolonged surveillance campaigns leveraging the Android spyware tools BadBazaar and new MOONSHINE variants, which sought to monitor individuals' whereabouts and exfiltrate sensitive data, according to The Hacker News.
Threat actors behind the BadBazaar campaign have leveraged 111 unique apps impersonating TikTok, video players, religious apps, and messengers to spread spyware since late 2018, a report from Lookout revealed. BadBazaar has also been discovered in the "Uyghur Lughat" dictionary app on the Apple App Store; that app sends messages to the server of its Android counterpart to facilitate iPhone data collection.
"Since BadBazaar variants often acquire their surveillance capabilities by downloading updates from their [command-and-control server], it is possible the threat actor is hoping to later update the iOS sample with similar surveillance functionality," said researchers.
Meanwhile, more than 50 apps have been found to be leveraged in MOONSHINE attacks since July, with most of the apps being malicious versions of Telegram, WhatsApp, and Muslim cultural or prayer apps.
"BadBazaar and these new variants of MOONSHINE add to the already extensive collection of unique surveillanceware used in campaigns to surveil and subsequently detain individuals in China," said Lookout.