China Spyware Warning—iPhone And Android At Risk From New Attack

Apple iPhone and Google Android users across the world are being targeted by spyware apps deployed by China based adversaries, according to a new warning from officials.

The alert from agencies including FBI, NSA and U.K. National Cyber Security Center aims to raise awareness about the growing threat that malicious cyber attackers pose to certain individuals.

The NCSC’s advisory details techniques used by malicious cyber attackers using spyware known as BADBAZAAR and MOONSHINE to target data on mobile devices including Android or iPhone smartphones that could be of interest to the Chinese state.

The warning covers spyware that lands on devices via rogue apps that appear to be legitimate via a technique called trojaning. Targeting Uighur, Tibetan and Taiwanese communities, the rogue apps include “Tibet One” and “Audio Quran” apps, as well as some mimicking WhatsApp and Skype.

“The indiscriminate way this spyware is spread online also means there is a risk that infections could spread beyond intended victims,” the advisory warned.

The warning to all Android and Apple iPhone users comes at a time when spyware poses a significant risk.

Once spyware is on an iPhone or Android device, it can read your messages — even those encrypted via WhatsApp or Signal because adversaries can see everything on your screen. Spyware also allows attackers to take control of your mic and camera, stealing your location data to track your movements.

China Spyware — What To Do

Spyware is often disguised in seemingly harmless apps, particularly those downloaded from third party stores. But even trivial apps can have serious consequences if they contain hidden malware, says Jake Moore, global cybersecurity advisor at ESET.

“Malware is often hidden in Trojan apps found on third party app stores which typically have far less stringent security checks compared to mainstream platforms such as the Apple App Store and Google Play Store,” Moore says.

Moore advises users to stick to trusted app stores, check reviews and use antivirus software to stay protected. “As with any software, it is always wise to install with extreme caution, especially when it has been developed from an unknown location or arrives on your device in a message as a simple link,” Moore says.

Spyware is usually very targeted, with at risk groups including journalists, dissidents and businesses operating in certain sectors. However, it’s a good idea to ensure you have applied the latest iPhone and Google Android updates to ensure attackers can’t take advantage of weaknesses in software to plant spyware.

If you think you have been targeted by spyware, the malware is very difficult to get rid of. However, you can disrupt it temporarily by turning your device on and off again. There are also several apps that claim to be able to spot spyware, but if you have become a victim, the best thing to do is to stop using your device altogether.