The Bundesamt für Verfassungsschutz and the British National Cyber Security Centre have issued a warning about the potential dangers posed by the malware known as “Moonshine” and “BadBazaar.” These surveillance programs are designed to infect smartphones in order to collect sensitive data, with both being linked to Chinese state-sponsored hacker groups. The main targets of these programs are minorities and activists, particularly the Uighurs, Tibetans, and Taiwanese. Victims are lured into installing the malware through fake messenger apps that mimic popular platforms like Signal, Telegram, and WhatsApp.
“Moonshine” is attributed to the Chinese hacker group known as “Poison Carb,” which focuses on Tibetan and Uighur communities and supporters of independence movements. The malware is hidden within seemingly legitimate apps, such as religious or social apps, and once installed, it can access real-time location data, messages, photos, and other files, as well as gain control over the smartphone’s microphone and camera.
“BadBazaar,” on the other hand, is believed to originate from the hacker group “APT15,” also known as “Vixen Panda.” While primarily targeting Uighurs and Tibetans within China, this malware is also being used internationally according to security assessments. Similar to “Moonshine,” “BadBazaar” collects a wide range of data including location information, contacts, call logs, and SMS messages. It also has the ability to access the camera and microphone, as well as search through files on the device.
These warnings serve as a reminder of the ongoing threats posed by state-sponsored cyber espionage and surveillance. The use of sophisticated malware like “Moonshine” and “BadBazaar” highlights the lengths to which some governments will go to monitor and control their populations, particularly those who are part of marginalized or dissenting communities. As technology continues to advance, it is increasingly important for individuals and organizations to remain vigilant and take steps to protect their digital privacy and security.