'Someone' Targets Hong Kong Protesters Using Jailbroken iPhones with Malware

iSpyA "Chinese-speaking entity" has targeted Hong Kong protestors using jailbroken iPhones with a trojan horse malware attack. According to security research firm Lacoon, that unknown entity has launched an attack through social media channels called Xsser mRAT that gets victims to install the malware by claiming to be software to help protestors organize.

Hong Kong citizens are protesting a Chinese government decision that elections for Hong Kong's Chief Executive (think governor) won't be subject to the vagaries of people actually making a choice. Instead, only candidates approved by China can run—this violates a promise that was part of China's one nation, two systems commitment to Hong Kong being allowed to more or less—really, it's less—run itself.

The attack requires the device to be jailbroken, and it is capable of getting "SMS, email, and instant messages, and can also reveal location data, usernames and passwords, call logs and contact information." In other words, just about everything a protestor would not want the authoritarian Communist government in China to have.

Bonus Tip: If you're a protestor in Hong Kong—or anywhere—don't jailbreak your iPhone.

Xsser mRAT is related to a similar Android trojan horse that was discovered last week. Activists were sent text messages from unknown phone numbers and anonymously through Facebook's WhatsApp that said, "Check out this Android app designed by Code4HK, group of activist coders, for the coordination of Occupy Central!"

It turns out that Code4HK—a real activist group—knew nothing about the app, and boom! Tons of Android phones were compromised. It was during Lacoon's investigation of that malware that it found the iOS trojan was being hosted and controlled from the same servers.

"Cross-Platform attacks that target both iOS and Android devices are rare, and indicate that this may be conducted by a very large organization or nation state," Lacoon wrote in a blog post. "The fact that this attack is being used against protesters and is being executed by Chinese-speaking attackers suggests it’s first iOS trojan linked to Chinese government cyber activity."

Social networks were largely credited with helping the Arab Spring get off the ground, and they have been instrumental in other social protests, too. It would appear that this lesson wasn't missed by the Chinese government.

But wait, there's more, because Lacoon noted that while today's attack is on protestors, Xsser mRAT (and by definition, its successors) could be used far more broadly. From the blog post:

Although it shows initial signs of being a targeted attack on Chinese protesters, the full extent of how Xsser mRAT is being used is anyone’s guess. It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies, or even entire governments.

So, don't jailbreak your iPhones. If you're running Android, good luck with that.