https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-guidance.pdf
The Australian Cyber Security Centre, together with other agencies, has published a warning about malicious apps.
Behind the names #BadBazaar and #Moonshine is #Spyware. It can access the camera, the microphone and more. The malware targets Uyghur, Tibetan and Taiwanese groups.
Technical details:
https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-technical-analysis-and-mitigations.pdf
I hope everyone is enjoying their weekend!
The Volexity researchers have been tracking the APT known as #EvilBamboo for over 5 years. Recently they have been targeting #Android devices and creating fake websites and social media profiles to help deploy the browser-based exploits. They have been using three different Android spyware families that have been dubbed #BadBazaar, #BadSignal, and #BadSolar. This is an extremely informative and enjoyable article that covers a lot of technical details! Enjoy and Happy Hunting!
EvilBamboo Targets Mobile Devices in Multi-year Campaign
https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Volexity has identified several long-running and currently active campaigns undertaken by the threat actor Volexity tracks as EvilBamboo (formerly named Evil Eye) targeting Tibetan, Uyghur, and Taiwanese individuals and organizations. These targets represent three of the Five Poisonous Groups of Chinese Communist Party (CCP).
@volexity's #threatintel team works with some of the most targeted groups in the world. Today, at the LABScon conference, we are sharing details of a long-running campaign by EvilBamboo. We have also just published details on our blog: https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/.
Our analysis has uncovered evidence of the attacker building online communities on various social media & messaging platforms, creating fake personas on social media sites, and using other #socialengineering techniques in order to distribute #Android malware, including #BADBAZAAR. Additionally, there is strong evidence of #iOS device targeting and likely exploitation using IRONSQUIRREL.
#China accused of hiding #spyware in app stores. APT #GREF put #BadBazaar in cloned #Signal & #Telegram.
#Google acted (slowly), but #Samsung failed to do anything. In today’s #SBBlogwatch, we’re all about the déjà vu. At #TechstrongGroup’s #SecurityBlvd: https://securityboulevard.com/2023/08/badbazaar-signal-telegram-gref-richixbw/?utm_source=richisoc&utm_medium=social&utm_campaign=richisoc