Security News > 2022 > November > Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs

Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs
2022-11-11 14:26

Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts.

The BadBazaar campaign, according to the security firm, is said to date as far back as late 2018 and comprise 111 unique apps that masquerade as benign video players, messengers, religious apps, and even TikTok.

While these samples were distributed through Uyghur-language social media platforms and communication channels, Lookout noted it found a dictionary app named "Uyghur Lughat" on the Apple App Store that communicates with a server used by its Android counterpart to gather basic iPhone information.

Further analysis of BadBazaar's infrastructure has revealed overlaps with another spyware operation aimed at the ethnic minority that came to light in July 2020 and which made use of an Android toolset called DoubleAgent.

"The majority of these samples are trojanized versions of popular social media platforms, like WhatsApp or Telegram, or trojanized versions of Muslim cultural apps, Uyghur-language tools, or prayer apps," the researchers said.

Prior malicious cyber activities leveraging the MOONSHINE Android spyware kit have been attributed to a threat actor tracked as POISON CARP, a China-based nation-state collective known for its attacks against Uyghurs.


News URL

https://thehackernews.com/2022/11/experts-uncover-two-long-running.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Android 4 0 17 2 0 19