Whenever mobile malware comes up, the usual reports detail new malicious apps that are found to affect Android, while iOS remains largely unaffected by such programs. However, The New York Times now says that security researchers have discovered a sophisticated malware attack that’s currently spreading in Hong Kong between Occupy Central protesters, and which is able to infect and then spy upon both Android and iOS devices.

It’s not clear who’s behind the malware app, but the Chinese government is believed to be involved, as it tries to censor the current pro-democracy protests in Hong Kong. Furthermore, it’s not clear how many devices have been compromised, but previous similar attacks have infected one in 10 handsets that received a message prompting the user to install an app.

The app can be installed after following a link received via a WhatsApp message that reads: “Check out this Android app designed by Code4HK [a hacker group that’s helping the Occupy Central movement] for the coordination of OCCUPY CENTRAL!” It’s not clear if similar app installs are possible on iOS, where users can get apps only from the App Store, except the few that are jailbroken and can install apps from other sources.

“This is the first time that we have seen such operationally sophisticated iOS malware operational, which is actually developed by a Chinese-speaking entity,” Lacoon Mobile Security chief executive Michael Shaulov said.

Once installed, the app can access information such as passwords, bank information, phone calls and messages, and the location of a smartphone.

Considering the “targets of the operation, where the servers are based and the sophistication of the attack, it doesn’t leave much room to the imagination,” Shaulov said about the malware’s creators, as the exec traced the servers to a computer similar to those examined by Mendicant, an American security company that studied previous alleged Chinese military cyberattacks on U.S. companies.

Interestingly, Apple has been promoting the security features in iOS 8 heavily in recent weeks and has suggested that personal data on devices running iOS 8 is safer than ever.

View Comments