Australian cyber agency joins global partners in warning of malicious cyber actors targeting smartphones and other devices.
The Australian Signals Directorate’s Australian Cyber Security Centre and cyber security agencies from Canada, Germany, New Zealand, and the US have partnered to warn of a spyware campaign targeting democracy movements; members of Falun Gong; and individuals with connections to Taiwan, Tibet, and Xinjiang Uyghur Autonomous Region.
While the ACSC and its international partners do not specifically attribute the spyware campaign to China, they do note the data collected by the campaign “would almost certainly be of value to the Chinese state”.
The campaign revolves around two sets of malware, dubbed MOONSHINE and BADBAZAAR. Both are Trojans, carefully hidden inside what appear to be perfectly normal applications downloaded from either a traditional app store or file-sharing platforms. The actors behind the campaign have even been observed taking part in forums used by their target groups, actively sharing the suspect apps with their victims.
Once installed, the spyware either takes advantage of vulnerabilities in the host device or the app asks the user for permission to access certain data. The collected information includes location data and tracking, messages, photos, and device information. The spyware can also access the device’s camera and microphone.
“The actors then exploit the legitimate interests of at-risk groups, to identify and infect as many victims as possible, and gain access to their data,” the ACSC said in a 9 April advisory.
“One way they do this is by designing apps they know will appeal to their victims, such as apps which support their native languages, or contain content specific to locations such as Tibetan regions of China or Xinjiang.”
The entities being targeted include non-governmental organisations, businesses and individuals with ties to or who support the targeted groups, and journalists. However, given the way the spyware can spread, as it is shared around the targeted communities, it’s likely it has spread well beyond those groups.
The ACSC and its partners recommend that individuals and organisations that may be a target for the spyware campaign refrain from rooting or jailbreaking their mobile devices and only use trusted, official app stores. Installed apps should be regularly reviewed and any suspicious messages or activity should be reported.
Similar malware families have been observed in use in China, with similar groups, which the country sees as threats to its stability.
China has been actively trying to gather information on individuals currently resident in Australia. In March, Foreign Minister Penny Wong warned China over letters offering around HK$1 million for information on Hong Kong dissident Kevin Yam, an Australian citizen.
“The Australian government does not accept other governments interfering with our citizens, making anybody feel unsafe,” Wong said during a news conference in March.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.