Security researchers say Chinese authorities are using a new type of malware to extract data from seized phones, allowing them to obtain text messages (including from chat applications such as Signal), images, location histories, recordings, contacts and much more.
In a report shared exclusively with TechCrunch, mobile cybersecurity company Lookout analyzes the hacking tool, called Massistant, which the company says was developed by the Chinese technology giant Xiamen Meiya Pico.
Massistant, according to Lookout, is Android software used for the forensic extraction of data from mobile phones, which means that the authorities using it must have physical access to those devices. While Lookout does not know which Chinese police agencies are using the tool, its use is believed to be widespread, which means that Chinese residents, as well as travelers to China, should be aware of the tool's existence and the dangers it poses.
“It’s a great concern. I think anyone traveling in the area should know that the device they bring into the country could very well be seized and anything on it could be collected,” Kristina Balaam, a researcher at Lookout who analyzed the malware, told TechCrunch ahead of the report's release. “I think it’s something everyone should know if they are traveling to the area.”
Balaam found several posts on local Chinese forums where people complained of finding the malware installed on their devices after interactions with the police.
“It seems to be quite widely used, especially from what I have seen in the rumblings on these Chinese forums,” Balaam said.
The malware, which must be planted on an unlocked device, works in tandem with a hardware tower connected to a desktop computer, according to a description and images of the system on Xiamen Meiya Pico’s website.
Balaam said Lookout could not analyze the desktop component, nor could the researchers find a version of the malware compatible with Apple devices. In an illustration on its website, Xiamen Meiya Pico shows iPhones connected to its forensic hardware device, suggesting that the company may have an iOS version of Massistant designed to extract data from Apple devices.
Police do not need sophisticated techniques to use Massistant, such as zero-days (flaws in software or hardware that have not yet been disclosed to the vendor), as “people simply deliver their phones,” Balaam said, based on what she has read on these Chinese forums.
Since at least 2024, China's state security police have had legal powers to search through phones and computers without needing a warrant or the existence of an active criminal investigation.
“If one moves through a border checkpoint and their device is confiscated, they must grant access to it,” Balaam said. “I don’t think we see any real exploits from the lawful interception tool space, just because they don’t need them.”
The good news, per Balaam, is that Massistant leaves evidence of its compromise on the seized device, which means that users can potentially identify and delete the malware, either because the hacking tool appears as an app, or because it can be found and deleted using more sophisticated tools such as Android Debug Bridge, a command-line tool that lets a user connect to a device through their computer.
The bad news is that by the time Massistant is installed, the damage is done and the authorities already have the person’s data.
According to Lookout, Massistant is the successor to a similar mobile forensic tool, also made by Xiamen Meiya Pico, called MSSocket, which security researchers analyzed in 2019.
Xiamen Meiya Pico is said to have a 40% share of the digital forensics market in China, and was sanctioned by the U.S. government in 2021 for its role in supplying its technology to the Chinese government.
The company did not respond to TechCrunch’s request for comments.
Balaam said that Massistant is just one of a large number of spyware or malware tools made by Chinese surveillance technology manufacturers, in what she called “a large ecosystem.” The researcher said the company tracks at least 15 different malware families in China.
