#badbazaar — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #badbazaar, aggregated by home.social.
-
@remixtures
List of apps affected by #BadBazaar and #Moonshine #malware begins on p. 20 of this document.
https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-guidance.pdf
-
Governments identify dozens of #Android #apps bundled with #spyware
#BadBazaar and #Moonshine, which have been previously analyzed by cybersecurity firms and digital rights nonprofit #CitizenLab, were used to target #Uyghurs, #Tibetans, and #Taiwanese communities. These two spywares hid inside legitimate-looking apps, acting essentially as “trojan” #malware, with #surveillance capabilities such as access to the phone’s cameras, microphone, chats, photos, and location data.
https://techcrunch.com/2025/04/09/governments-identify-dozens-of-android-apps-bundled-with-spyware/
-
The Australian Cyber Security Centre, together with others, has published a warning about malicious apps.
Behind the names #BadBazaar and #Moonshine is #Spyware. It can access the camera, microphone and quite a bit more. The malware targets groups of Uyghurs, Tibetans and Taiwanese.
https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-guidance.pdf
Technical details:
https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-technical-analysis-and-mitigations.pdf
-
BADBAZAAR and MOONSHINE: Spyware targeting Uyghur, Taiwanese and Tibetan groups and civil society actors
#BadBazaar #MOONSHINE #APT15
https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-guidance.pdf
-
I hope everyone is enjoying their weekend!
The Volexity researchers have been tracking the APT known as #EvilBamboo for over 5 years. Recently they have been targeting #Android devices and creating fake websites and social media profiles to help deploy the browser-based exploits. They have been using three different Android spyware that have been dubbed #BadBazaar, #BadSignal, and #BadSolar. This is an extremely informative and enjoyable article that covers a lot of technical details! Enjoy and Happy Hunting!
EvilBamboo Targets Mobile Devices in Multi-year Campaign
https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
-
@volexity's #threatintel team works with some of the most targeted groups in the world. Today, at the LABScon conference, we are sharing details of a long-running campaign by EvilBamboo. We have also just published details on our blog: https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/.
Our analysis has uncovered evidence of the attacker building online communities on various social media & messaging platforms, creating fake personas on social media sites, and using other #socialengineering techniques in order to distribute #Android malware, including #BADBAZAAR. Additionally, there is strong evidence of #iOS device targeting and likely exploitation using IRONSQUIRREL.
-
#Android #Malware: #Badbazaar was distributed in the Google Play Store and Samsung store | Security https://www.heise.de/news/Android-Malware-Badbazaar-wurde-im-Google-Play-Store-und-Samsung-Store-verteilt-9290217.html #Spyware #APT #gref
-
#China accused of hiding #spyware in app stores. APT #GREF put #BadBazaar in cloned #Signal & #Telegram.
#Google acted (slowly), but #Samsung failed to do anything. In today’s #SBBlogwatch, we’re all about the déjà vu. At #TechstrongGroup’s #SecurityBlvd: https://securityboulevard.com/2023/08/badbazaar-signal-telegram-gref-richixbw/?utm_source=richisoc&utm_medium=social&utm_campaign=richisoc