BadBazaar and Moonshine malware targets Taiwanese, Tibetan and Uyghur groups, U.K. warns | CyberScoop<\/title> <meta name=\"description\" content=\"Two spyware variants are targeting Uyghur, Taiwanese and Tibetan groups and individuals, the U.K.\u2019s National Cyber Security Centre warned in a joint alert Wednesday with Western allies.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/badbazzar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"BadBazaar and Moonshine malware targets Taiwanese, Tibetan and Uyghur groups, U.K. warns\"> <meta property=\"og:description\" content=\"Two spyware variants are targeting Uyghur, Taiwanese and Tibetan groups and individuals, the U.K.\u2019s National Cyber Security Centre warned in a joint alert Wednesday with Western allies.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/badbazzar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-04-09T18:12:59+00:00\"> <meta property=\"article:modified_time\" content=\"2025-04-09T18:17:14+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1267\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1742994400g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1744125154g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84137\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84137\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fbadbazzar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fbadbazzar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-84137 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/badbazzar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.138836772983\">\n<div class=\"single-article__header-content\" readability=\"35.484337349398\">\n<p> In a joint advisory with Western allies, the National Cyber Security Centre sounded the alarm about variants of BADBAZAAR and MOONSHINE. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84137\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"422\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns.jpg?resize=640%2C422&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns-2.jpg?resize=300,198 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns-2.jpg?resize=768,507 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns-2.jpg?resize=1024,676 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns-2.jpg?resize=1536,1014 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns-2.jpg?resize=600,396 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns-2.jpg?resize=255,168 255w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns-2.jpg?resize=511,337 511w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns-2.jpg?resize=1023,675 1023w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns-2.jpg?resize=1277,843 1277w\" sizes=\"(max-width: 1023px) 100vw, 1023px\"><figcaption> A 3D render of a vintage moonshine jug on an isolated white studio background. (allanswart, iStock\/Getty Images Plus) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"22.580948487326\"><body readability=\"49.503860010293\"><\/p>\n<p>Two spyware variants are targeting Uyghur, Taiwanese and Tibetan groups and individuals, the U.K.\u2019s National Cyber Security Centre warned in <a href=\"https:\/\/www.ncsc.gov.uk\/files\/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-guidance.pdf\">a joint alert<\/a> Wednesday with Western allies.<\/p>\n<p>Cybersecurity researchers have previously linked the BADBAZAAR and MOONSHINE spyware to the Chinese government. The variants mentioned in Wednesday\u2019s alert trojanize apps that are of interest to the target communities, such as a Uyghur language Quran app, and have appeared in official app stores.<\/p>\n<p>\u201cBADBAZAAR and MOONSHINE collect data which would almost certainly be of value to the Chinese state,\u201d the alert reads. Agencies in Australia, Canada, Germany, New Zealand and the United States, namely the FBI and National Security Agency, collaborated on it.<\/p>\n<p>Groups most at risk include those focused on Taiwanese independence, Tibetan rights, Uyghur Muslims, democracy advocacy and Falun Gong, according to the alert. The espionage tools can access and download information like location data or messages and photos, and can access microphones and cameras on a phone.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>BADBAZAAR is mobile malware with both iOS and Android variants, while MOONSHINE is Android-only. MOONSHINE has been shared through Telegram channels and links sent via WhatsApp. <\/p>\n<p>\u201cMOONSHINE samples seek permissions which are relevant to the app\u2019s functionality, so may appear unsuspicious, but they also use these permissions to collect information from devices,\u201d a <a href=\"https:\/\/www.ncsc.gov.uk\/files\/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-technical-analysis-and-mitigations.pdf\">technical analysis<\/a> states.<\/p>\n<p>The spyware has been drawing attention since at least 2019, when the University of Toronto\u2019s Citizen Lab <a href=\"https:\/\/citizenlab.ca\/2019\/09\/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits\/\">identified it<\/a> and said Tibetan groups were receiving malicious links through WhatsApp text exchanges from people posing as journalists and other fake personas.<\/p>\n<p>Beyond official app stores, BADBAZAAR also spreads through social media platforms. It\u2019s been drawing its own attention from cybersecurity researchers since at least 2022 when Lookout <a href=\"https:\/\/www.lookout.com\/threat-intelligence\/article\/badbazaar-surveillanceware-apt15\">identified it<\/a>.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/badbazzar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>BadBazaar and Moonshine malware targets Taiwanese, Tibetan and Uyghur groups,<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2785,2786,271,2045,273,669,302,1733,2287,761,304,2814,272,482,836,288,4121,4122,971],"tags":[2789,2790,277,2050,279,671,306,1735,2296,763,308,2821,278,484,839,294,4123,4124,973],"class_list":["post-7530","post","type-post","status-publish","format-standard","hentry","category-australia","category-canada","category-china","category-citizen-lab","category-fbi","category-federal-bureau-of-investigation-fbi","category-geopolitics","category-germany","category-lookout","category-national-security-agency","category-national-security-agency-nsa","category-new-zealand","category-nsa","category-spyware","category-taiwan","category-threats","category-tibet","category-uighur","category-united-kingdom-u-k","tag-australia","tag-canada","tag-china","tag-citizen-lab","tag-fbi","tag-federal-bureau-of-investigation-fbi","tag-geopolitics","tag-germany","tag-lookout","tag-national-security-agency","tag-national-security-agency-nsa","tag-new-zealand","tag-nsa","tag-spyware","tag-taiwan","tag-threats","tag-tibet","tag-uighur","tag-united-kingdom-u-k"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/australia\/\" rel=\"category tag\">Australia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/canada\/\" rel=\"category tag\">Canada<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/citizen-lab\/\" rel=\"category tag\">Citizen Lab<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fbi\/\" rel=\"category tag\">FBI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-bureau-of-investigation-fbi\/\" rel=\"category tag\">Federal Bureau of Investigation (FBI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/germany\/\" rel=\"category tag\">germany<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/lookout\/\" rel=\"category tag\">Lookout<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-security-agency\/\" rel=\"category tag\">National Security Agency<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-security-agency-nsa\/\" rel=\"category tag\">National Security Agency (NSA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/new-zealand\/\" rel=\"category tag\">New Zealand<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nsa\/\" rel=\"category tag\">nsa<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/spyware\/\" rel=\"category tag\">spyware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/taiwan\/\" rel=\"category tag\">taiwan<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/tibet\/\" rel=\"category tag\">Tibet<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uighur\/\" rel=\"category tag\">Uighur<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/united-kingdom-u-k\/\" rel=\"category tag\">United Kingdom (U.K.)<\/a>","tag_info":"United Kingdom (U.K.)","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7530","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7530"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7530\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7530,"date":"2025-04-09T13:12:59","date_gmt":"2025-04-09T18:12:59","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84137"},"modified":"2025-04-09T13:12:59","modified_gmt":"2025-04-09T18:12:59","slug":"badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/04\/09\/badbazaar-and-moonshine-malware-targets-taiwanese-tibetan-and-uyghur-groups-u-k-warns\/","title":{"rendered":"BadBazaar and Moonshine malware targets Taiwanese, Tibetan and Uyghur groups, U.K. warns"},"content":{"rendered":"