
Warning issued over MOONSHINE and BADBAZAAR malware

MOONSHINE and BADBAZAAR are examples of apps that embed harmful functionalities within seemingly legitimate software—a method known as trojanising.

Spyware, a form of malicious software (malware), operates by secretly gathering data from a user’s device without their knowledge or consent. It can log keystrokes, capture screenshots, steal login credentials, access email addresses, and collect other sensitive personal information.

Some of the apps are known to mimic popular platforms like WhatsApp and Skype, while others have been set up as standalone platforms to attract interest from potential victims in the targeted communities. 

According to recent advisories, these trojanised apps are used to target individuals across the globe, particularly those engaged in topics the Chinese government perceives as threats to its national stability. Some of these apps are crafted to mimic legitimate software or appeal specifically to their intended victims.

To enhance user safety, the advisories include recommended mitigations for app store platforms, developers, and social media companies.

Individuals who may be at risk of being targeted are urged to follow this guidance to better safeguard their devices and personal data.

These advisories have been issued jointly by the UK’s National Cyber Security Centre (NCSC), Australia’s Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), Germany’s Federal Intelligence Service (BND) and Federal Office for the Protection of the Constitution (BfV), as well as the United States’ FBI and NSA.

“We are seeing a rise in digital threats designed to silence, monitor, and intimidate communities across borders,” NCSC Director of Operations Paul Chichester said in a statement.

You can read the full advisory here – https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-technical-analysis-and-mitigations.pdf


Jason Davies

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional, with an interest in computer security and telecoms.
