BadBazaar Malware Targets Victims in China But Everyone Should Beware

BadBazaar is the name of a newly discovered piece of malware that affects Android devices. The malware was used in attacks targeting the Uyghur population of China.

The malicious tool was discovered by a team at security company Lookout Threat Lab, and its primary targets were members of the Uyghur minority living in China.

The Uyghur minority has faced persecution and repression for a long time, and the new tool is likely part of this ongoing effort to oppress Uyghurs.

The malware is distributed inside apps that impersonate other applications while carrying malicious components and surveillance tools. Some infrastructure overlap between BadBazaar and known threat actors links BadBazaar to APT15, a known Chinese state-sponsored threat actor.

BadBazaar has been around for a while too, with the earliest samples of what is essentially the same malware dating back to 2018. Over a hundred malicious Android apps were discovered in total, with most of them found on "communication channels" that were used by members of the Uyghur community.

BadBazaar impersonates all manner of apps, from battery level monitoring and management apps to dictionaries and even religious applications.

Once deployed on an Android phone, BadBazaar can scrape and exfiltrate just about every bit of information you can imagine, including phone call logs, contacts, SMS and text messages, installed app lists and user location. It can also use the device's camera, record calls and enumerate document files.

November 14, 2022