Researchers Claim China Is Using Malware to Spy on Hong Kong Protesters


Image: AP Photo/Vincent Yu/Associated Press


Thousands of protesters continue to fill Hong Kong's streets with umbrellas and demands for democracy, much to the dismay of the Chinese government.


To prevent news of the movement from flowing into mainland China, authorities have blocked Instagram, censored social media posts and, allegedly, targeted Yahoo with an attack that would make the normally secure site vulnerable to snooping and censorship - a so-called 'man-in-the-middle attack.'


Now, researchers at Lacoon Mobile Security claim the Chinese government may be using malware targeted at iPhone users to spy on protesters. In a blog post published on Tuesday, Lacoon claimed to have uncovered 'advanced' iOS malware that could be targeting protesters in Hong Kong. Some experts, however, have quickly raised serious doubts about the claims.


Lacoon said that the malware, named 'Xsser mRAT,' was found on the same server hosting another piece of malware, a fake Occupy Cental app, which was designed to siphon off data from whoever installed it. That Android malware was allegedly sent out to Hong Kong protesters via WhatsApp two weeks ago.


Lacoon claimed the two attacks are related and part of the same 'cross-platform' campaign.


But in Lacoon's report, there's no evidence that this malware has actually been used against Hong Kong protesters. And given that the malware needs a jailbroken iPhone to be installed, it's unlikely that even if it were deployed, it would affect many people, according to Jonathan Zdziarski, a forensic expert and security researcher.


Other independent researchers, like Claudio Guarnieri, who investigates malware attacks for the University of Toronto's Citizen Lab, are also skeptical of claims made by Lacoon.


No, there is no proof that the iOS backdoor is actually being used against protesters in #HK, that's complete misinformation.


- Claudio (@botherder) October 1, 2014


'There is no proof that this malware was ever distributed to anyone,' Guarnieri told Mashable. 'There's no proof that it was used by the Chinese government.'


Even Lacoon's researchers aren't sure the malware was ever used, and admit the only evidence indicating it might have been is that it was hosted on the same server where they found the suspicious Android malware.


'Since we have not witnessed an actual infection, anything from there on is speculation based on what we saw on the servers,' Daniel Brodie, Senior Security Researcher at Lacoon, told Mashable.


Lacoon also seems to have erroneously claimed that this iOS malware was particularly unprecedented. Lacoon's initial blog post was titled 'Lacoon Discovers Xsser mRAT, the First Advanced iOS Trojan.' Following online criticism, the company changed the title to specify that it's the 'first advanced Chinese trojan.'


@headhntr @botherder @ochsff Sirs, you mean old and new side by side? :P http://ift.tt/1E1aumC


- [ Gunther ] (@Gunther_AR) October 1, 2014


As some researchers quickly pointed out, this not the first iOS trojan ever found. Two years ago, for example, researchers at the Citizen Lab uncovered and analyzed several mobile trojans created by the surveillance tech company FinFisher - one of those was made to target iOS devices.


Hey, @LacoonSecurity, how can you say Xsser mRAT is the first advanced iOS Trojan? Did you forget about Dre? https://t.co/lmTUFEkzQ1


- Morgan Mayhem (@headhntr) October 1, 2014


Other surveillance tech companies, like Hacking Team, also have created and sold malware to target iOS devices. Other malware samples targeted at iOS have also been found.


It doesn't even appear that this is the first Chinese malware targeted at iOS users. Earlier this year, Reddit users uncovered a type of iOS malware dubbed Unfold Baby Panda which seemed to have Chinese origins.


'Claims of this being the first iOS trojan are greatly exaggerated,' Morgan Marquis-Boire, another Citizen Lab security researcher, told Mashable.


Have something to add to this story? Share it in the comments.

Comments

Post a Comment

Popular posts from this blog

5 Reasons iPhone 6 Won't Be Popular

Image
The majority of users are waiting for the next smartphone from Apple - iPhone 6 – this year. Unfortunately, the hype around iPhone began to gradually subside with each passing year after the 4th model launched. Therefore, it is possible that the sixth iPhone model of  will not be nearly as popular as it was in the beginning. Global audience perceived iPhone 4S and iPhone 5 much cooler than its early models New iPhones will not cause that “wow”-effect, which was in the beginning, when Steve Jobs' presentations caused a delight and admiration of every new Apple gadget. Some leaked photos of iPhone 5S prototype show that it does not differ from its predecessor at all. Therefore, all hopes for something radically new in design and features are laid on iPhone 6. And if Apple is no longer holds its standards, that seem to be a little bit old-fashioned already, it is unlikely that iPhone 6 will be interesting for people next year. 5 main reasons can be found to think like
Read more

Eset nod32 ativirus 6 free usernames and passwords

Image
                              Hi friends,after little long time I'm going to write again about eset nod 32 antivirus.As I told in previous post if you are user on windows 8 Eset nod 32 is the best antivirus for your personal computer.the latest product eset nod 32 antivirus 6 has special features with 100% really working.Not need to purchase full version from buying it.Download the eset nod 32 trial version and activate your est antivirus from below updated usernames and passwords. Firstly I would like to tell something about est nod32 antivirus 6. The latest product having: Eset smarter scan  Scan while downloading something Anti-Theft Idle-state scanning Clean and safe E-mail Removable media security system tools         Download Eset nod32 antivirus 6 Trial version Here     After downloading Eset nod32 Antivirus activate it using below usernames and passwords. Username: EAV-30326836                                       Password: ccka4dvsuv Expire: 16-10-2013 Username:EAV-79084
Read more

Apple's self

USA TODAY Apple's self-driving car racing toward reality, report saysUSA TODAYSAN FRANCISCO - Apple's self-driving car effort, code-named Project Titan , is more reality than rumor, according to documents obtained by the British newspaper The Guardian. Engineers working for the Cupertino-based tech hardware giant met in May with ...Apple Is Getting Closer to a Self-Driving CarTIMEApple is reportedly looking at places to test its self-driving carThe VergeApple eyes former naval base in California to test 'Project Titan' self ...Apple InsiderThe Independent -Business Insider -Cult of Macall 10 news articles »
Read more