Sophisticated iPhone and Android malware is spying on Hong Kong protesters

Researchers say all signs point to the Chinese government

A fake smartphone app is being used to remotely monitor pro-democracy protesters in Hong Kong, according to a report from the New York Times. Researchers from Lacoon Mobile Security say the phishing scam is spreading across the messaging application WhatsApp, through texts that read: "Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL!", along with a link to download software. Lacoon says the software, once downloaded, can access a user's personal data, including phone calls, text messages, and the physical location of their smartphone. Code4HK — a developer community that has helped to spread information about the protests — tells the Times it had nothing to do with the texts.

The origin of the scam remains unknown, but Lacoon CEO Michael Shaulov says the Chinese government is likely behind it, given the location of the servers and the sophistication of the operation. The company traced it to a computer that it says is similar to those that the Chinese government allegedly used to launch cyberattacks against US targets last year. The spread of the app remains equally unclear, though Shaulov says it was downloaded by one out of every ten phones that received the fake message. It has affected Android and iOS users alike, although many in the security world have noted that only jailbroken iOS phones are vulnerable.

"This is the first time that we have seen such operationally sophisticated iOS malware operational, which is actually developed by a Chinese-speaking entity," Shaulov told the Times. Similar iOS malware has been distributed by FinFisher, but never before linked to China.

Today's report comes as thousands of protesters flocked to the streets on China's National Day, calling for Beijing to allow for free democratic elections in 2017. China had previously said it would allow Hong Kong to choose its own leader by that date, but backtracked on that promise in August, when it announced that all candidates would have to be approved by Beijing.

Protesters in the "Occupy Central" movement have clashed with police since protests escalated over the weekend, and there are fears of further confrontation tonight, during National Day celebrations. The Chinese government has gone to great lengths to censor news of the demonstrations. Most state-run media have not mentioned it, and Chinese web censors have stepped up efforts to block images and videos on social media. On Sunday, the government blocked access to Instagram within mainland China, and posts on the Twitter-like service Sina Weibo have been aggressively deleted, according to the Times. In the past few days, censors have blocked any Weibo posts including the words "Hong Kong," "barricades," and "umbrella" — the unofficial symbol of Hong Kong's movement.

10/1 9:04am ET: Updated to clarify that only jailbroken iOS devices are vulnerable, and mention previous precedents