Chinese authorities are using new tools to hack seized phones and extract data


Security researchers say Chinese authorities are using a new type of malware to extract data from seized phones, allowing them to retrieve text messages, including from chat apps such as Signal.

On Wednesday, mobile cybersecurity company Lookout published a new report, shared only with TechCrunch, detailing a hacking tool called Massistant.

According to Lookout, Massistant is Android software used for forensic extraction of data from mobile phones, which means the authorities using it must have physical access to those devices. Lookout doesn’t know for certain which Chinese police agencies are using the tool, but its use is assumed to be extensive. This means that both Chinese residents and travelers to China need to be aware of the tool’s existence and the risks it poses.

“That’s a big concern. I think anyone traveling in the area needs to realize that devices they bring into the country can be confiscated very often, and that everything that’s on it can be collected,” Kristina Balaam, a researcher who analyzed the malware, told TechCrunch ahead of the release of the report. “I think that’s something everyone should know if they’re traveling around the area.”

Balaam found several posts on local Chinese forums where people complained about finding the malware installed on their devices after interacting with police.

“It seems to be used quite widely, especially from what we saw in the rumbles of these Chinese forums,” Balaam said.

The malware works in conjunction with a hardware tower connected to a desktop computer, according to a description and photos of the system on the Xiamen Meiya Pico website.

Balaam said Lookout was unable to analyze the desktop component, and the researchers could not find a version of the malware that is compatible with Apple devices. In an illustration on its website, Xiamen Meiya Pico shows an iPhone connected to its forensic hardware device, which suggests the company may have an iOS version of Massistant designed to extract data from Apple devices.

Police do not need sophisticated techniques to use Massistant, such as zero-days (software or hardware flaws that have not yet been disclosed to the vendor), because “people just hand over their phones,” Balaam said, based on what she read on those Chinese forums.

Since at least 2024, China’s national security police have had legal authority to search phones and computers without the need for warrants or active criminal investigations.

“If someone moves through a checkpoint on the boundary and the device is confiscated, they need to access it,” Balaam said. “I don’t think you’ll see any real exploits from the legal intercept tooling space just because they’re not necessary.”

[Image: screenshot of the Massistant mobile forensic tool’s hardware, showing a tower computer connected to several iPhones, taken from Xiamen Meiya Pico’s official Chinese website. Image credits: Xiamen Meiya Pico]

The good news, according to Balaam, is that Massistant leaves behind evidence of compromise on the seized device. This means that users can potentially identify and remove the malware, either because the hacking tool is visible as an app, or because it can be found and removed using more sophisticated tools such as the Android Debug Bridge, a command-line tool that allows users to connect to a device through a computer.

The bad news is that the damage is done at the moment Massistant is installed, and the authorities already have the person’s data.

According to Lookout, Massistant is the successor to a similar mobile forensic tool created by Xiamen Meiya Pico, MSSocket, which security researchers analyzed in 2019.

Xiamen Meiya Pico reportedly holds a 40% share of China’s digital forensics market, and was sanctioned by the US government in 2021 for its role in supplying its technology to the Chinese government.

The company did not respond to TechCrunch’s request for comment.

Balaam said Massistant is one of many spyware or malware tools created by Chinese surveillance technology manufacturers, part of what she called the “big ecosystem.” The researcher said the company is tracking at least 15 different malware families in China.
