The NCSC, part of the U.K.’s GCHQ intelligence agency, as well as international government and industry partners, uncovered the technical underpinnings of the surveillance software and offered guidance and technical analysis to cybersecurity experts and app store operators and developers. The Audio Quran app uses MOONSHINE spyware to track Uyghurs, NCSC said, creating trust by using the Uyghur language in the file name and describing itself as containing content related to the Quran, the main religious text of Islam. The U.K.’s National Cyber Security Centre and international cybersecurity and intelligence agencies on Wednesday said hackers are deploying two forms of previously identified spyware to snoop on Uyghur, Tibetan and Taiwanese individuals and civil society organizations. Two standalone apps, Tibet One and Audio Quran, are available in users’ native languages and are pushed in online gathering places known to attract members of the targeted communities. The NCSC is warning at-risk populations to only use known app stores, check apps once installed and routinely review permissions, report questionable messages and files and carefully inspect shared files and links on social media. Spyware-infected apps are being used to target individuals and organizations worldwide who are tied to activities “considered by the Chinese state to pose a threat to its stability,” NCSC said in a press release. The surveillance software — labeled MOONSHINE and BADBAZAAR — breaks into device microphones and cameras and harvests messages, photos and location data, allowing users to be monitored in real time without their knowledge. Some of the apps mimic popular platforms like WhatsApp and Skype, while others have been set up as standalone platforms to attract interest from potential victims in the targeted communities. Device owners who are thought to be most at risk of targeting are those tied to Taiwan’s independence movement, Tibetan rights organizations and Uyghur Muslims. For example, hackers shared the Tibet One app in Telegram channels focused on the region and in relevant Reddit forums, NCSC said. “We are seeing a rise in digital threats designed to silence, monitor, and intimidate communities across borders,” NCSC Director of Operations Paul Chichester said in a statement. Ethnic minorities in or from China’s Xinjiang Uyghur Autonomous Region, those advocating for democracy and members of the Falun Gong faith are also believed to be at risk. Parts of Tibet are an autonomous region within China, whose government has cracked down on an independence movement there.
This Cyber News was published on therecord.media. Publication date: Tue, 08 Apr 2025 23:20:19 +0000