South China Morning Post
Advertisement
Advertisement
Occupy Central
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
A pro-democracy demonstrator checks his phone in Hong Kong. Security experts have warned a virus may be targeting protesters in the city. Photo: AFP
Hong Kong

Security experts say advanced virus targeting Hong Kong protesters’ iPhones

Cybersecurity researchers have uncovered a virus that spies on Apple's iOS for the iPhone and iPad, and they believe it is targeting pro-democracy protesters in Hong Kong.

Occupy Central
Reuters
Reuters
Why you can trust SCMP

Cybersecurity researchers have uncovered a computer virus that spies on Apple’s iOS operating system for the iPhone and iPad, and they believe it is targeting pro-democracy protesters in Hong Kong.

The malicious software, known as Xsser, is capable of stealing text messages, photos, call logs, passwords and other data from Apple mobile devices, researchers with Lacoon Mobile Security said on Tuesday.

They uncovered the spyware while investigating similar malware for Google's Android operating system last week that also targeted Hong Kong protesters. Anonymous attackers spread the Android spyware via WhatsApp, sending malicious links to download the program, according to Lacoon.
It is unclear how iOS devices get infected with Xsser, which is not disguised as an app. Lacoon said it had not "uncovered information regarding the method or vector of attack" but emphasised that the iOS device "needs to be jailbroken in order to be infected".

Lacoon Chief Executive Michael Shaulov told Reuters that Xsser is the most sophisticated malware used to date in any known cyberattack on iOS users.

"This is one the most interesting developments we have seen," he said. "It’s the first real indication that really sophisticated guys are shifting from infecting PCs or laptops to going after iOS devices."

The code used to control that server is written in Chinese. The high quality of the campaign and the fact it is being used to target protesters suggests that it is coming from a sophisticated attacker in China, Shaulov said.

"It is the first time in history that you actually see an operationalized iOS Trojan that is attributed to some kind of Chinese entity," he said.

A Trojan is a term used by cyber researchers to describe malware that enters a device disguised as something harmless.

Still, he said that his company’s research team has yet to identify any specific victims of the iOS Trojan.

Lacoon said on its blog that it is possible the attackers might have deployed the Trojan in other places, in addition to spying on pro-democracy protesters in Hong Kong.

"It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies, or even entire governments," they said in a blog post describing their analysis.

Many protesters in Hong Kong have turned to FireChat, a mobile messaging application which uses Bluetooth or WiFi as an alternative to relying on mobile phone networks. Around 100,000 people downloaded the app after protests on Sunday, according to Open Garden, the company which developed the tool, amid rumours that police would shut down cellphone networks in parts of the city.

FireChat, launched only in March this year, allows smartphone users to communicate via Bluetooth or WiFi, an alternative to cellphone networks. Its chat-rooms, dubbed “firechats”, allow users to communicate without exchanging data with traditional cellular networks. These live and anonymous discussion groups can gather as many as 10,000 people simultaneously, according to Open Garden.

Additional reporting by James Griffiths

Post