Menu
Malware program targets Hong Kong protesters using Apple devices

Malware program targets Hong Kong protesters using Apple devices

The program is related to an Android one that seeks to spy on activists, Lacoon Mobile Security said

How a malware program targeting Hong Kong protesters using Apple devices works

How a malware program targeting Hong Kong protesters using Apple devices works

A malware program that targets Hong Kong activists using Apple devices has trademarks of being developed by a nation-state, possibly China, according to a security company.

Lacoon Mobile Security of San Francisco wrote on its blog on Tuesday that the malware, called Xsser mRAT, is the "first and most advanced, fully operational Chinese iOS trojan found to date."

The Apple malware is related to a malicious Android one found last month that advertised itself as a way for activists to coordinate protests, Lacoon wrote.

Hong Kong has seen massive demonstrations after China moved to only allow candidates it approves to run in the election of the territory's chief executive in 2017. Activists charge China reneged on a promise of an election without restrictions.

It's not usual to see malware emerge that has been customized to capitalize on current events, and security experts have long documented programs suspected to have been created to monitor dissidents and activists.

Xsser mRAT can steal SMS messages, call logs, location data, photos, address books, data from the Chinese messaging application Tencent and passwords from the iOS keychain, Lacoon wrote.

"Although it shows initial signs of being a targeted attack on Chinese protesters, the full extent of how Xsser mRAT is being used is anyone's guess," the company wrote. "It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies or even entire governments."

However, there is a saving grace: only iOS devices that have been jailbroken, or modified to run unauthorized apps, would be able to run the malware, according to Lacoon. Apple tightly vets the applications on its App Store and advises that people do not jailbreak their devices.

Lacoon wrote that the Android version was making the rounds through links distributed on the messaging application WhatsApp. The messages came from an unknown phone number, reading: "Check out this Android app designed by Code4HK, group of activist coders, for the coordination of Occupy Central!"

Code4HK told the South China Morning Post newspaper that it had nothing to do with the application, according to a Sept. 17 story.

Lacoon found the same server used to control the Android malware also hosted the iOS malware. Such targeting of both Android and iOS devices is rare, the company wrote, which may "indicate that this may be conducted by a very large organization or nation state."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Lacoon Mobile Securitysecuritymobile securitymalware

Slideshows

Meet the leading HP partners in New Zealand...

Meet the leading HP partners in New Zealand...

HP has recognised its top performing partners in New Zealand at the second annual 2016 HP Partner Awards, held at a glittering bash in Auckland. The HP Partner Awards recognises and celebrates excellence, growth, consistency and engagement of its top partners. This year also saw the addition of several new categories, resulting in 11 companies winning across 11 award categories.

Meet the leading HP partners in New Zealand...
Channel comes together as Ingram Micro Showcase hits Auckland

Channel comes together as Ingram Micro Showcase hits Auckland

Ingram Micro outlined its core focuses for 2017 at Showcase in Auckland, bringing together the channel for a day of engaging keynotes, compelling breakout sessions and new technologies.

Channel comes together as Ingram Micro Showcase hits Auckland
Show Comments