Joint Advisory: MOONSHINE and BADBAZAAR spyware targeting communities and groups

The National Cyber Security Centre (NCSC) has joined the NCSC-UK and other international partners to release two advisories that reveal details about how malicious cyber actors are using two forms of spyware to target individuals in Uyghur, Tibetan and Taiwanese communities, as well as civil society groups.

The malicious software – dubbed MOONSHINE and BADBAZAAR – hides malicious functions inside otherwise legitimate apps in a technique known as ‘trojanising’.

Spyware is a type of malicious software (malware) that collects information from a system without a user’s consent. It can capture keystrokes, screenshots, authentication credentials, personal email addresses, and other personal information.

The advisories warn that the apps target individuals internationally who are connected to topics that are considered by the Chinese state to pose a threat to its stability, with some designed to appeal directly to victims or imitate popular apps.

To help keep users safe, there are mitigations directed at app store operators, developers and social media companies.

Individuals at risk of being targeted by these spyware apps are strongly encouraged to follow this new advice to help protect their devices and data.

The advisories have been jointly published by the NCSC-UK, the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the German Federal Intelligence Service (BND), the German Federal Office for the Protection of the Constitution (BfV), the United States Federal Bureau of Investigation (FBI), and the United States National Security Agency (NSA).

The NCSC has resources and advice available on Own Your Online for individuals and businesses to keep devices and accounts secure. We encourage everyone to be cautious when downloading an application.

If you have experienced a cyber security incident, you can report this at CERT NZ - Report an incident | CERT NZ.