Menu
Malware program targets Hong Kong protesters using Apple devices

Malware program targets Hong Kong protesters using Apple devices

The program is related to an Android one that seeks to spy on activists, Lacoon Mobile Security said

How a malware program targeting Hong Kong protesters using Apple devices works

How a malware program targeting Hong Kong protesters using Apple devices works

A malware program that targets Hong Kong activists using Apple devices has trademarks of being developed by a nation-state, possibly China, according to a security company.

Lacoon Mobile Security of San Francisco wrote on its blog on Tuesday that the malware, called Xsser mRAT, is the "first and most advanced, fully operational Chinese iOS trojan found to date."

The Apple malware is related to a malicious Android one found last month that advertised itself as a way for activists to coordinate protests, Lacoon wrote.

Hong Kong has seen massive demonstrations after China moved to only allow candidates it approves to run in the election of the territory's chief executive in 2017. Activists charge China reneged on a promise of an election without restrictions.

It's not usual to see malware emerge that has been customized to capitalize on current events, and security experts have long documented programs suspected to have been created to monitor dissidents and activists.

Xsser mRAT can steal SMS messages, call logs, location data, photos, address books, data from the Chinese messaging application Tencent and passwords from the iOS keychain, Lacoon wrote.

"Although it shows initial signs of being a targeted attack on Chinese protesters, the full extent of how Xsser mRAT is being used is anyone's guess," the company wrote. "It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies or even entire governments."

However, there is a saving grace: only iOS devices that have been jailbroken, or modified to run unauthorized apps, would be able to run the malware, according to Lacoon. Apple tightly vets the applications on its App Store and advises that people do not jailbreak their devices.

Lacoon wrote that the Android version was making the rounds through links distributed on the messaging application WhatsApp. The messages came from an unknown phone number, reading: "Check out this Android app designed by Code4HK, group of activist coders, for the coordination of Occupy Central!"

Code4HK told the South China Morning Post newspaper that it had nothing to do with the application, according to a Sept. 17 story.

Lacoon found the same server used to control the Android malware also hosted the iOS malware. Such targeting of both Android and iOS devices is rare, the company wrote, which may "indicate that this may be conducted by a very large organization or nation state."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwaremobile securityLacoon Mobile Security

Brand Post

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments