International cooperation

Warning about surveillance software “Moonshine” and “BadBazaar”

The German Federal Office for the Protection of the Constitution and the British National Cyber Security Centre warn of the danger posed by the malware programs “Moonshine” and “BadBazaar”.

These are two variants of surveillance software that specifically infect smartphones in order to collect sensitive data. Both are associated with Chinese state-backed hacker groups and are primarily used to monitor minorities and activists, particularly Uyghurs, Tibetans and Taiwanese. The campaign tries to persuade victims to install the malware via fake messenger apps – counterfeits of programs such as Signal, Telegram and WhatsApp.

“Moonshine” and “BadBazaar”

“Moonshine” is attributed to the Chinese hacker group “Poison Carp”. It targets Tibetan and Uyghur communities as well as supporters of independence movements. The malware is hidden in seemingly legitimate apps, such as religious or social apps. Once installed, it can retrieve real-time location data, messages, photos and other files, and it gains access to the smartphone’s microphone and camera.

“BadBazaar” is said to originate from the hacker group “APT15”, which is also known as “Vixen Panda”. The malware was also primarily developed to monitor Uyghurs and Tibetans within China, but according to the security services, it is also used internationally. Similar to “Moonshine”, “BadBazaar” collects a wide range of data, including location information, contacts, call logs and text messages. It can also access the camera and microphone and search through files.

International cooperation

The security advice was primarily formulated by experts from the Office for the Protection of the Constitution and the British NCSC. However, experts from intelligence and security services as well as law enforcement agencies from the USA (FBI and NSA), Australia, Canada and New Zealand were also involved. The documents will be made available on the web in English and Chinese to those potentially affected. They describe in detail how the malware works and how to protect yourself against it.

dpa
