Western Agencies Warn: Chinese Spyware Threatens Activists and Dissidents

Western intelligence agencies have issued a critical warning about the escalating threat of malicious mobile phone applications used by Chinese security services. These apps are designed to surveil and gather sensitive information from individuals deemed adversaries by the Chinese government, including Taiwanese independence activists, Tibetan rights advocates, and other dissidents.
Who is at Risk?
The advisory, issued by cybersecurity agencies in Britain, the US, Canada, New Zealand, Australia, and Germany, highlights several groups particularly vulnerable to this surveillance:
- Taiwanese independence supporters
- Tibetan rights advocates
- Uyghur Muslims and other minorities in Xinjiang
- Democracy advocates, including those in Hong Kong
- Followers of the Falun Gong spiritual movement
The warning also extends to non-governmental organizations, journalists, businesses, and individuals who champion or represent these groups.
How the Spyware Works
A Chengdu-based contractor, identified as Sichuan Dianke Network Security Technology Co., Ltd., is linked to the deployment of two distinct malware packages: “BADBAZAAR” and “MOONSHINE.” These sophisticated tools are capable of:
- Extracting sensitive information from mobile devices.
- Granting remote access to device cameras, microphones, and location data.
The indiscriminate nature of this spyware’s distribution also raises concerns that infections could spread beyond the intended victims.
Broader Context and Chinese Response
This warning comes amid heightened tensions surrounding Taiwan, including recent Chinese military drills and reaffirmed US commitments to deterring Chinese aggression in the region.
Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, has stated that China “firmly opposes the smear attacks against China without any factual basis.” He emphasized the complexity of tracing cyberattacks and urged relevant parties to adopt a “professional and responsible attitude” when characterizing cyber incidents, basing conclusions on sufficient evidence rather than speculation.
This advisory builds upon previous cybersecurity industry reports that have detailed the contractor’s use of similar malware and infrastructure over several years, underscoring a persistent threat.