Governments uncover network of spyware-laden Android apps targeting civil society

A group of Western intelligence and cybersecurity agencies has revealed that more than a hundred Android apps, appearing to be legitimate, were secretly embedded with spyware. These apps are believed to have been used to surveil individuals and groups perceived as political or ideological threats by the Chinese government.

On Tuesday, the U.K.’s National Cyber Security Centre (NCSC)—a division of the intelligence agency GCHQ—released details of two distinct malware families, known as BadBazaar and Moonshine. The announcement was part of a coordinated effort with allied agencies in the United States, Canada, Australia, New Zealand, and Germany.

These spyware tools were disguised within everyday mobile applications, including religious prayer apps, encrypted messaging platforms, and document readers. While seemingly innocuous, the apps covertly granted attackers access to sensitive device functions such as cameras, microphones, photos, location data, and private communications.

Previous analyses by cybersecurity organizations like Lookout, Trend Micro, Volexity, and the digital rights watchdog Citizen Lab had already flagged BadBazaar and Moonshine as threats. These tools have reportedly been deployed against targeted communities, including Uyghur Muslims, Tibetans, Taiwanese nationals, and pro-democracy advocates.

The NCSC indicated that the malicious apps were strategically designed to resonate with users from these communities—mimicking culturally relevant tools or impersonating trusted brands and services like Signal, WhatsApp, Telegram, and Adobe Acrobat.

A comprehensive list released by the agency includes over 100 Android apps identified as spyware, along with at least one iOS app, TibetOne, which appeared on Apple’s App Store in 2021. The reach of these campaigns demonstrates the use of mobile apps as a vector for transnational digital surveillance.

According to the NCSC, those most at risk include individuals associated with issues that the Chinese state deems politically sensitive, such as advocacy for Tibetan or Taiwanese independence, support for Uyghur and other minority rights, pro-democracy efforts in Hong Kong, and followers of the Falun Gong spiritual movement.