Names | BadBazaar | |
Category | Malware | |
Type | Backdoor, Info stealer, Exfiltration | |
Description | (Lookout) We named this malware family BadBazaar in response to an early variant that posed as a third-party app store titled “APK Bazar.” Bazar is a lesser known spelling of Bazaar. Lookout has since acquired 111 unique samples of the BadBazaar surveillanceware dating back to late 2018. Over 70% of these apps were found in Uyghur-language communication channels within the second half of 2022. The malware primarily masquerades as a variety of Android apps, such as battery managers, video players, radio apps, messaging apps, dictionaries, and religious apps. We also found instances of apps pretending to be a benign third-party app store for Uyghurs. | |
Information | <https://www.lookout.com/blog/uyghur-surveillance-campaign-badbazaar-moonshine> |
Last change to this tool card: 19 November 2022
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
Poison Carp, Evil Eye | 2018-Jun 2023 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |