Skip to main content

5 ways to avoid spyware disguised as legit apps - before it's too late

You may not be the intended target of these malicious apps masquerading as legitimate programs, but you can still be their victim.


Several government security agencies worldwide warn people about spyware snooping on mobile phone users' private data.

An advisory from the various agencies issued on Wednesday reveals that the spyware variants have targeted users connected to Taiwanese independence and similar movements. Known as Badbazaar and Moonshine, the two spyware strains have been spoofing legitimate apps to trick unsuspecting victims.

The advisory comes from a host of agencies, including the Australian Cyber Security Centre (part of the Australian Signals Directorate), the Canadian Centre for Cyber Security (part of the Communications Security Establishment), the German Federal Intelligence Service, the German Federal Office for the Protection of the Constitution, the New Zealand National Cyber Security Centre (part of the Government Communications Security Bureau), and the FBI and NSA in the US.

The agencies said that the spyware specifically targets individuals connected to areas the Chinese government considers a threat to their authority, ambitions, and reputation. People most at risk include anyone associated with Taiwanese independence, Tibetan rights, Uyghur Muslims and other ethnic minorities from China's Xinjiang Uyghur Autonomous Region, democracy advocates in Hong Kong and elsewhere, and the Falun Gong spiritual movement.

Though aimed at non-governmental organizations (NGOs), journalists, businesses, and individuals who advocate for or represent the targeted groups, the spyware spreads randomly. That means it could expand beyond the targeted victims to other mobile phone users worldwide.

Like any type of spyware, Badbazaar and Moonshine attempt to compromise a mobile device to steal confidential or sensitive information. These particular variants aim to access location data with real-time tracking, the microphone and camera, photos and other files saved on the phone, and device information.

The cybercriminals behind this attack try to make the spyware appear legitimate by uploading it to official app stores like Google Play and Apple's App Store or by adding malicious code to otherwise benign apps.

In campaigns observed over the past few years, Badbazaar and Moonshine spyware spoofed apps such as Adobe Acrobat, Signal, Skype, SwiftKey keyboard, Telegram, and WhatsApp. They've also impersonated apps that would interest the intended victims, including Buddhist Songs, an English-to-Uyghur dictionary, Singing Bowl Sounds, Tibetan Prayer, and a Uyghur Keyboard.

Though these spyware strains target specific groups, malicious apps can pose a threat to anyone. The advisory offers several recommendations on how to protect yourself.

  • Download apps only from official app stores. 

To be on the safe side, limit your downloads to Google Play or Apple's App Store. Yes, apps from official stores can still be malicious. But those from unofficial stores offer no protection or security at all. Check out the NCSC's threat report on app stores to learn more.

  • Keep your device and apps up to date. 

Download and install the latest security updates for your mobile device. Consider enabling automatic updates to grab them as soon as they're available. For more tips, review the NCSC's top tips for staying secure online.

  • Don't jailbreak or root your device. 

Tempting though it may be, jailbreaking your iPhone or rooting your Android phone bypasses the built-in security defenses, leaving the device more vulnerable to malware and compromise.

  • Review your apps and their permissions.

Restrict or remove any permissions that aren't necessary for a particular app, especially ones that involve the camera or microphone. Here's how to do that on an iPhone and an Android device.

  • Use Google Play Protect. 

If you download Android apps from Google Play, ensure Google Play Protect is turned on. By enabling the setting for "Improve harmful app detection," you can send an unknown or suspicious app to Google for analysis. For help, check out Google's support page on how to keep your apps safe and your data private.
Labels:

Comments

Post a Comment

Popular posts from this blog

Top 10 Footballers With Their Current Assets 2024-2025

Top 10 Football Players in 2024-2025: Career Achievements, Net Worth, and Assets Football is not just a sport—it’s a global phenomenon that turns athletes into legends and millionaires into billionaires. The world’s best footballers earn staggering salaries, lucrative endorsements, and invest in luxury assets ranging from supercars to private jets. In this article, we rank the top 10 football players of 2024 based on their skill, influence, and financial success. We’ll break down their net worth, salaries, endorsement deals, and most valuable assets in a detailed chart. 1. Cristiano Ronaldo (Al-Nassr & Portugal) Net Worth: 580Million∗∗Salary(2024):∗∗ 580Million∗∗Salary(2025):∗∗ 200 Million (Al-Nassr) Endorsements: Nike, CR7 Brand, Herbalife, Tag Heuer Key Assets: Private Jet:   Gulfstream G650 ($65M) Supercars:  Bugatti Chiron (3.3M),  Rolls−RoyceCullinan(3.3M),  Rolls−RoyceCullinan(500K) Real Estate:  25 M Madrid mansion,  25M Madrid mansion, 18.7M NYC...
Post a Comment
Read more

Paige Bueckers to Sign 3-Years Deal

  Sources: Paige Bueckers to sign 3-year deal with Unrivaled 2.8K Projected No. 1 WNBA draft pick Paige Bueckers is signing a three-year deal with the 3-on-3 league Unrivaled, sources told ESPN on Sunday. Bueckers' first-year salary for the 10-week Unrivaled season will exceed what she would make in four years of her WNBA rookie contract, sources said. If Bueckers is the top pick in the draft, she is set to earn $78,831 in her first year, according to the WNBA's collective bargaining agreement. Last year, Bueckers signed an NIL deal with Unrivaled, giving her league equity. She didn't play in Unrivaled while finishing college with the UConn Huskies, winning her first national title in the NCAA tournament championship on April 6. Bueckers averaged 19.9 points, 4.9 assists, and 4.4 rebounds while shooting 53.4% from the field, including 41.9% from 3-point range, in her last season at UConn. She can be a franchise-altering player for the Dallas Wings, who have the ...
Post a Comment
Read more

7 strategic insights business and IT leaders need for AI transformation in 2025

Enterprise Connect 2025 highlighted the necessity of practical and scalable tech solutions to unlock new levels of growth and innovation in an AI-powered world. Enterprise Connect 2025, the largest communications, collaboration, and CX Conference in North America, highlighted a critical shift in enterprise communications and CX, emphasizing AI-enabled transformation, deep platform integration, and workflow automation. This year's event reinforced that technology decisions must be strategic, outcome-focused, and scalable. Below are the most significant insights business and IT leaders must understand to drive measurable impact and maintain a competitive advantage in 2025 and beyond. 1. AI agents: The new standard for efficiency and engagement AI-powered agents have moved beyond proof-of-concept to full-scale enterprise deployment. Organizations leveraging AI-driven customer service and internal automation are seeing measurable gains in efficiency, cost savings, and user satisfactio...
Post a Comment
Read more