Researchers at Lacoon Mobile Security discovered the first advanced Chinese iOS Trojan, known as Xsser mRat, last week while investigating similar Android malware targeting Occupy Hong Kong protesters.

Initial investigations have shown that the Trojan possesses an impressive number of surveillance capabilities. Ohad Bobrov, CTO and co-founder of Lacoon, said, “When infected, Xsser mRAT exposes virtually any information on iOS devices, including SMS, email and instant messages, and can also reveal location data, usernames and passwords, call logs and contact information.”

The mRat infects victims’ devices by targeting WhatsApp users based on their geographical proximity to the site of the protests. According to Lacoon, Xsser first sends a message to the user, which reads “Check out this Android app designed by Code4HK, group of activist coders, for the coordination of Occupy Central!”

When the user clicks on the download link, they unknowingly download an .apk file, which presents the user with a list of permissions they must approve. The user is then asked to agree to application updates. If they do, the application updates and activates the mRat’s hidden features.

Source: Lacoon Mobile Security

Xsser’s code is written in Chinese, which leads Lacoon to believe that the attack is coming from a sophisticated Chinese attacker.

“Cross-platform attacks that target both iOS and Android devices are rare, and indicate that this may be conducted by a very large organization or nation state,” said Bobrov. “The fact that this attack is being used against protesters and is being executed by Chinese-speaking attackers suggests it’s the first iOS Trojan linked to Chinese government cyber activity.”

However, there is one hitch: iOS users must have a jailbroken device, and those with Android must have third-party app downloads enabled.

Nonetheless, the Xsser mRat is a “perfect storm” for social engineering. The Trojan is capable of using geographic locations to target groups of individuals by playing to specifically localized interests. Its cross-platform design allows it to spread to both Android and iOS devices.

Currently, Xsser mRat has been found only in Hong Kong, but it is reasonable to expect that we will see similar attacks spread to other locations.

