A global coalition of intelligence and cybersecurity agencies has uncovered over 100 Android apps secretly laced with spyware. These apps, disguised as everyday tools and communication platforms, were reportedly used to spy on individuals and groups critical of China’s state interests.
On Tuesday, the U.K.’s National Cyber Security Centre (NCSC)—part of the intelligence agency GCHQ—released a warning alongside similar advisories from cybersecurity authorities in the United States, Canada, Germany, Australia, and New Zealand. The collective reports reveal that two major spyware families—BadBazaar and Moonshine—were hidden inside apps that looked completely legitimate.
These spyware tools were embedded within apps mimicking popular services like chat messengers, document readers, and even religious prayer apps. Once installed, they granted remote access to users’ cameras, microphones, chats, photos, and location data, turning smartphones into surveillance devices.
Targets Included Uyghurs, Tibetans, and Democracy Advocates
Cybersecurity experts from organizations like Lookout, Trend Micro, Volexity, and Citizen Lab have previously flagged these spyware campaigns. The tools have been used to infiltrate the devices of Uyghurs, Tibetans, Taiwanese, and human rights activists across the globe.
Uyghur Muslims, a persecuted minority in China’s Xinjiang region, have long been targets of state-led surveillance and detainment. Similarly, Tibetans and pro-democracy advocates connected to Hong Kong, Taiwanese independence, and the Falun Gong spiritual movement are frequently monitored by entities aligned with Beijing’s interests.
According to the NCSC, these malicious apps were “crafted to appeal to and trick targeted individuals,” including some that mimicked Signal, Telegram, WhatsApp, and Adobe Acrobat PDF reader. Several even posed as Muslim or Buddhist prayer apps—intentionally designed to lure users with specific cultural or religious backgrounds.
iOS Also Not Immune: TibetOne App Found on App Store
While the bulk of the spyware was found on Android, the NCSC did flag at least one iOS app named TibetOne, which was available on Apple’s App Store as recently as 2021. This suggests the campaign wasn’t limited to Android users and may have extended into Apple’s typically more secure ecosystem.
The agencies involved did not specify how long these apps were active or how many people may have been affected. Still, the warning serves as a stark reminder of how state-backed spyware continues to evolve—now hiding in plain sight within the digital tools we use daily.
As of now, Google and Apple have not issued public statements in response to the findings.
