Security researchers with Lacoon Mobile Security have discovered a new iOS mobile remote access Trojan (mRAT) which is believed to be targeting pro-democracy protesters in Hong Kong. Dubbed Xsser, the Trojan steals valuable information like SMS, email, instant messages, location data, usernames and passwords, call logs, and more from compromised iOS devices.
The Trojan is related to the Android spyware that is already distributed broadly in Hong Kong. Activists first received a link to the spyware, disguised as an app to help coordinate protests, in WhatsApp messages from an unknown phone number yesterday.
As of now, Lacoon says only jailbroken iOS devices are susceptible to Xsser; however, it isn't yet clear how they get infected with the Trojan. Also, the security firm has yet to identify any specific victims of the Trojan.
According to Lacoon Chief Executive Michael Shaulov, Xsser is the most sophisticated malware used to date in any known cyber attack on iOS users. "This is one of the most interesting developments we have seen", he said, adding that it's a real indication that attackers are shifting their focus from PCs to mobile devices.
The fact that the attack is aimed at protestors, and is being executed by Chinese-speaking attackers, strongly suggests the involvement of the Chinese government, the firm says.
The full extent of how Xsser mRAT is being used is currently unknown. "It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies, or even entire governments", the company said.