A team of Canadian cybersecurity researchers has uncovered a sophisticated and targeted mobile hacking campaign that is targeting high-profile members of various Tibetan groups with one-click exploits for iOS and Android devices.
What's more? The researchers said they found "technical overlaps" of Poison Carp with two recently discovered campaigns against the Uyghur community in China—the iPhone hacking campaign reported by experts at Google and the Evil Eye campaign published by Volexity last month.
Based on the similarities of the three campaigns, researchers believed that the Chinese government sponsors Poison Carp group.
Poison Carp campaign exploits a total of 8 distinct Android browser exploits to install a previously undocumented fully-featured Android spyware, called MOONSHINE and one iOS exploit chain to stealthily install iOS spyware on 'users' device—none of which were zero days.
After the disclosure of iPhone hacking campaign, Apple released a statement last month confirming that the iOS campaign targeted the Uyghur community and saying that the company patched the vulnerabilities in question in February this year.
Since none of the iOS and Android vulnerabilities exploited in the campaign is zero-day, users are highly recommended always to keep their mobile devices up-to-date to become a victim of such attacks.