BadBazaar

Description

(Lookout) We named this malware family BadBazaar in response to an early variant that posed as a third-party app store titled “APK Bazar.” Bazar is a lesser known spelling of Bazaar.

Lookout has since acquired 111 unique samples of the BadBazaar surveillanceware dating back to late 2018. Over 70% of these apps were found in Uyghur-language communication channels within the second half of 2022.

The malware primarily masquerades as a variety of Android apps, such as battery managers, video players, radio apps, messaging apps, dictionaries, and religious apps. We also found instances of apps pretending to be a benign third-party app store for Uyghurs.

Names

Name
BadBazaar

Type

Backdoor
Info stealer
Exfiltration

Information

https://www.lookout.com/blog/uyghur-surveillance-campaign-badbazaar-moonshine

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/apk.badbazaar

Other Information

Uuid

b95c1027-bd3f-4a1f-beb9-778daa89388f

Last Card Change

2024-12-27

Threat Intelligence Garden

Explorer

BadBazaar

BadBazaar

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks