EvilBamboo Targets Mobile Devices in Multi-year Campaign
ID: 867e6da4-3be8-5314-b669-413979921a22
STIX ID: report--867e6da4-3be8-5314-b669-413979921a22
Feed Name: Volexity Blog
Volexity documents long-running, active espionage campaigns by the China-aligned APT 'EvilBamboo' that deploys multiple custom mobile spyware families (BADBAZAAR, BADSIGNAL, BADSOLAR) and supporting infrastructure (fake websites, Telegram channels, profiling JS, C2 servers) to target Tibetan, Uyghur, and Taiwanese communities; the report details malware capabilities, distribution methods including backdoored apps and App Store delivery, evidence of iOS profiling/exploitation, and provides IOCs and YARA rules for detection.
