The Chinese APT group GREF has been using the BadBazaar tool for Android espionage. The tool targets Android users through malicious versions of the popular communication apps Signal and Telegram. The group has been linked to cyber campaigns targeting Uyghurs and other Turkic ethnic minorities. The campaigns have been active since around July 2020 and July 2022, respectively. The malicious apps were distributed through various channels, including the official Google Play store. The malware is capable of harvesting data from compromised devices and granting attackers access to Signal communication. SSL pinning was used to protect communication between the malicious apps and their command-and-control servers. The campaigns targeted users across multiple countries. Heightened cybersecurity measures, such as keeping devices updated and practicing good cyber-hygiene, are necessary to defend against emerging cyber risks. Hashtags: #ChineseAPT #GREF #BadBazaar #AndroidEspionage #Signal #Telegram #Cybersecurity.

https://www.infosecurity-magazine.com/news/chinese-gref-target-badbazaar/
