The malicious spyware that circulated the Occupy Hong Kong movement disguised as a protest coordinating app appeared to only target Android phones. But a new discovery from Lacoon Mobile Security shows that whoever deployed the malware also had a trojan built for iOS.
Last week, a number of protesters received a WhatsApp message inviting them to download an Android app purporting to coordinate the Occupy Hong Kong pro-democracy movement, according to the South China Morning Post. The movement responded quickly and said it had not released such an app. It was soon found to contain malware that exploits SMS, email, instant messages, call logs, location data, and usernames and passwords found on the device.
Lacoon CEO Michael Shaulov explained that his team found the iOS malware operated on the command and control server attached to the Android trojan horse. It’s unclear how many people, if anyone at all, was infected with the iOS malware. In the first place, people could only download the malware on a jailbroken phone.
Occupy Hong Kong with Peace and Love is a response to Beijing’s decision to choose candidates for Hong Kong’s 2017 elections. When Britain ceded Hong Kong back to China in 1997, the country promised Hong Kong could retain some of the freedom it enjoyed under British rule — including democratic elections.
Initial reports said it did not appear the Chinese government was involved in the malware. However, Lacoon says that the development of an advanced iOS trojan may indicate otherwise. “Cross-platform attacks that target both iOS and Android devices are rare, and indicate that this may be conducted by a very large organization or nation-state,” the company said in blog post.
What’s really remarkable about this attack is that an entity in China, likely a well-resourced one according to Shaulov, has created trojan malware for iOS. “It’s the first time in the industry that we’ve actually see such a sophisticated trojan,” said Shaulov. It’s a particularly scary prospect, because iOS does not have antivirus software. Apple relies on its capability to keep a tight handle on what gets downloaded onto its devices, otherwise security goes out the window.
Also, if this is the work of the Chinese government and its cybersecurity team, as Lacoon seems to think, Hong Kong’s protesters have good reason to worry.