Spyware accessing phone audio and cameras for data ‘of use to China’, NCSC warns

9 April 2025, 00:04

Person in yellow coat using smartphone on a train
Male person using smartphone while traveling by train mobile phone in hands close up. Picture: PA

The apps inside legitimate software in a technique known as trojanising, cyber experts warn.

Uighur, Tibetan and Taiwanese communities across the world are being targeted by spyware apps combing data likely to be of value to China, UK cyber experts have warned.

Malicious software dubbed MOONSHINE and BADBAZAAR is accessing microphones, cameras, messages, photos and location data without users being aware, GCHQ’s National Cyber Security Centre (NCSC) said.

The apps hide inside legitimate software in a technique known as trojanising, and are being used specifically to target individuals internationally who are linked to issues considered by Beijing to pose a threat to its security, experts warn.

In new guidance, the NCSC, along with agencies in Australia, Canada, Germany, New Zealand and the US, is advising people to take four key steps to protect their devices.

BADBAZAAR AND MOONSHINE collect data which would almost certainly be of value to the Chinese state

NCSC and international partners

People must “stay mainstream” by only using trusted app stores, “stay organised” by reviewing installed apps and permissions regularly, “stay in touch” by reporting suspicious files, and “stay safe” by checking shared files and links, it says.

The apps often mimic popular software, with some designed to appeal directly to victims.

Examples of software include “Tibet One” and “Audio Quran” apps, which support targets’ native languages and have been promoted in online forums frequented by intended users, as well as some apps imitating the likes of WhatsApp and Skype.

Data being collected is “almost certainly of value” to the Chinese government and could facilitate surveillance and harassment, cyber experts warn.

Civil society groups are also being targeted, according to the advisory.

The guidance was published jointly by the NCSC, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the German Federal Intelligence Service, the German Federal Office for the Protection of the Constitution, the New Zealand National Cyber Security Centre, the US Federal Bureau of Investigation and the US National Security Agency.

It says: “Although BADBAZAAR and MOONSHINE have been observed targeting Uighur, Tibetan and Taiwanese individuals, there are other malware that target other minority groups in China. Citizens from co-sealing nations, in China and abroad, who are perceived to be supporting causes that threaten regime stability are almost certainly under threat from mobile malware such as BADBAZAAR and MOONSHINE.

“The capability to capture location, audio and photo data almost certainly provides the opportunity to inform future surveillance and harassment operations by providing real-time information on the target’s activity.”

By Press Association

More Technology News

See more More Technology News

People ride an upward escalator next to the Dior store at the Icon Siam shopping mall on June 12, 2024 in Bangkok, Thailand.

Luxury fashion giant Dior latest high-profile retailer to be hit by cyber attack as customer data accessed

A plane spotter with binoculars from behind watching a British Airways plane landing

‘Flying taxis’ could appear in UK skies as early as 2028, minister says

Apple App Store

Take on Apple and Google to boost UK economy, think tank says

A survey of more than 1,000 employers found that around one in eight thought AI would give them a competitive edge and would lead to fewer staff.

One in three employers believe AI will boost productivity, research finds

Hands on a laptop showing an AI search

One in three employers believe AI will boost productivity, research finds

Music creators and politicians take part in a protest calling on the Government to ditch plans to allow AI tech firms to steal their work without payment or permission opposite the Houses of Parliament in London.

Creatives face a 'kind-of apocalyptic moment’ over AI concerns, minister says

Ngamba Island Chimpanzee Sanctuary on Lake Victoria, Uganda

Chimps use medicinal plants to treat each other's wounds and practice 'self-care' as scientists hail fascinating discovery

Close up of a person's hands on the laptop keyboard

Ofcom investigating pornography site over alleged Online Safety Act breaches

The Monzo app on a smartphone

Monzo customers can cancel bank transfers if they quickly spot an error

Co-op sign

Co-op to re-stock empty shelves as it recovers from major hack

The study said that it was often too easy for adult strangers to pick out girls online and send them unsolicited messages.

Social media platforms are failing to protect women and girls from harm, new research reveals

Peter Kyle leaves 10 Downing Street, London

Government-built AI tool used to cut admin work for human staff

In its last reported annual headcount in June 2024, Microsoft employed 228,000 full-time workers

Microsoft axes 6,000 jobs despite strong profits in recent quarters

Airbnb logo

Airbnb unveils revamp as it expands ‘beyond stays’ to challenge hotel sector

A car key on top of a Certificate of Motor Insurance and Policy Schedule

Drivers losing thousands to ghost broker scams – the red flags to watch out for

Marks and Spencer cyber attack

M&S customers urged to ‘stay vigilant’ for fraud after data breach confirmed