Menu
Malware program targets Hong Kong protesters using Apple devices

Malware program targets Hong Kong protesters using Apple devices

The program is related to an Android one that seeks to spy on activists, Lacoon Mobile Security said

How a malware program targeting Hong Kong protesters using Apple devices works

How a malware program targeting Hong Kong protesters using Apple devices works

A malware program that targets Hong Kong activists using Apple devices has trademarks of being developed by a nation-state, possibly China, according to a security company.

Lacoon Mobile Security of San Francisco wrote on its blog on Tuesday that the malware, called Xsser mRAT, is the "first and most advanced, fully operational Chinese iOS trojan found to date."

The Apple malware is related to a malicious Android one found last month that advertised itself as a way for activists to coordinate protests, Lacoon wrote.

Hong Kong has seen massive demonstrations after China moved to only allow candidates it approves to run in the election of the territory's chief executive in 2017. Activists charge China reneged on a promise of an election without restrictions.

It's not usual to see malware emerge that has been customized to capitalize on current events, and security experts have long documented programs suspected to have been created to monitor dissidents and activists.

Xsser mRAT can steal SMS messages, call logs, location data, photos, address books, data from the Chinese messaging application Tencent and passwords from the iOS keychain, Lacoon wrote.

"Although it shows initial signs of being a targeted attack on Chinese protesters, the full extent of how Xsser mRAT is being used is anyone's guess," the company wrote. "It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies or even entire governments."

However, there is a saving grace: only iOS devices that have been jailbroken, or modified to run unauthorized apps, would be able to run the malware, according to Lacoon. Apple tightly vets the applications on its App Store and advises that people do not jailbreak their devices.

Lacoon wrote that the Android version was making the rounds through links distributed on the messaging application WhatsApp. The messages came from an unknown phone number, reading: "Check out this Android app designed by Code4HK, group of activist coders, for the coordination of Occupy Central!"

Code4HK told the South China Morning Post newspaper that it had nothing to do with the application, according to a Sept. 17 story.

Lacoon found the same server used to control the Android malware also hosted the iOS malware. Such targeting of both Android and iOS devices is rare, the company wrote, which may "indicate that this may be conducted by a very large organization or nation state."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Lacoon Mobile Securitysecuritymobile securitymalware

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments