Researchers at Lacoon Mobile Security have identified one of the first Apple iOS Trojan attacks aimed at the communications of pro-democracy Hong Kong activists. Initial investigation indicates that the Trojan has an impressive range of surveillance capabilities.
The malware, dubbed Xsser mRat, uses social engineering to steal valuable data from jailbroken devices: users unknowingly tap an install link in phishing messages sent by unknown senders.
The malware was created by Chinese hackers and can harvest a wide range of personal information, including the iOS address book, call logs, GSM identities, SMS messages, the device's approximate geographical location (derived from the cell tower ID), pictures stored on the device, and passwords and other authentication data held in the iOS keychain, which is used by Apple ID, mail accounts and other services.
The spyware can also collect additional device data (iOS version, MAC address, device version and phone number, IMSI and IMEI) and send it to the cloud. Once installed on a device, the Trojan runs automatically on every reboot and updates itself dynamically.
Xsser mRat Targets iOS Devices
According to Lacoon Mobile Security, the so-called virus, Xsser mRat, targets iOS devices and is related to Android spyware that has been distributed widely in Hong Kong. In a blog post, Lacoon also notes that Xsser mRat is connected with Android spyware infecting mobile users in Hong Kong; that spyware is presented as a tool for helping to coordinate Occupy Central Hong Kong protesters and then stages the attack.
Lacoon has also stressed the significance of a cross-platform mobile attack. It is very rare for a cross-platform attack to target both iOS and Android devices, which suggests that it is being conducted by a large organization or a nation state. The fact that the attack has been used against protesters and executed by Chinese-speaking attackers indicates that this is the first iOS Trojan linked to Chinese government cyber operations.
The Xsser code is written in Chinese, which has led Lacoon to believe that the attack comes from sophisticated Chinese attackers. There is one catch: the iOS user must have a jailbroken device, and the Android user must have third-party app downloads enabled.
First Fully Advanced Operational Chinese iOS Trojan
Xsser mRat is significant because it is the first fully operational, advanced Chinese iOS Trojan found to date. It crosses borders with ease and is probably operated by a Chinese entity to spy on foreign companies, individuals or an entire government.
It infects users' devices via WhatsApp, selecting victims by their geographical proximity to the protest sites. According to Lacoon, Xsser's first message to the user read: 'Check out this Android app designed by Code4HK, group of activist coders, for the coordination of Occupy Central'.
When the user clicks the download link, an APK file is downloaded unknowingly; it presents a list of permissions that must be approved, and finally the user is led to agree to application updates. On doing so, the application is updated and the hidden features of the mRat are activated.
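The Android side of the campaign asks the user to approve a permission list whose entries map directly onto the data categories the article says the spyware collects (contacts, SMS, call logs, cell-tower location, IMEI/IMSI, auto-start on reboot). A defender ingesting APKs from a fleet can use that mapping as a triage heuristic. The following is an added example written for this page, not Lacoon's tooling or any code from the Xsser sample: it parses a constructed AndroidManifest.xml (the package name, app label and receiver class are invented) and flags an app whose declared permissions cover several of those categories together with network access and boot persistence.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Constructed sample manifest (NOT the real Xsser/Code4HK APK). The permission
# set mirrors the surveillance categories the article lists.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Constructed Coordination App">
        <receiver android:name=".BootReceiver">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed benign manifest for contrast: network only, no boot receiver.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.benign">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Constructed Benign App"/>
</manifest>
"""

# Each capability the article attributes to the spyware, mapped to the Android
# permission(s) an app would need to reproduce it.
CAPABILITY_PERMISSIONS = {
    "address book": {"android.permission.READ_CONTACTS"},
    "SMS messages": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call logs": {"android.permission.READ_CALL_LOG"},
    "cell-tower location": {"android.permission.ACCESS_COARSE_LOCATION",
                            "android.permission.ACCESS_FINE_LOCATION"},
    "IMEI/IMSI/phone number": {"android.permission.READ_PHONE_STATE"},
    "run on reboot": {"android.permission.RECEIVE_BOOT_COMPLETED"},
}
EXFIL_PERMISSION = "android.permission.INTERNET"


def requested_permissions(manifest_xml):
    """Return the set of <uses-permission> names declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission")}


def boot_receivers(manifest_xml):
    """Return receiver class names that listen for BOOT_COMPLETED."""
    root = ET.fromstring(manifest_xml)
    names = []
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            if action.get(NAME_ATTR) == "android.intent.action.BOOT_COMPLETED":
                names.append(receiver.get(NAME_ATTR))
    return names


def triage(manifest_xml):
    """Score a manifest against the surveillance profile described in the article."""
    perms = requested_permissions(manifest_xml)
    matched = sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items() if perms & needed)
    can_exfil = EXFIL_PERMISSION in perms
    persists = bool(boot_receivers(manifest_xml))
    # Heuristic threshold (an assumption of this example): an app that can read
    # three or more of the listed categories, reach the network, and re-arm at
    # boot is routed to manual review rather than auto-approved.
    suspicious = can_exfil and persists and len(matched) >= 3
    return {
        "capabilities": matched,
        "network": can_exfil,
        "boot_persistence": persists,
        "review": suspicious,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
    print(triage(BENIGN_MANIFEST))
```

Because the article's infection flow unlocks the hidden features only after a later "update", a manifest check of the originally installed version is not enough; run the triage on every new version an MDM or app-ingest pipeline sees, since the permission set (and the boot receiver) can change between releases.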