Security researchers say Chinese authorities are using a new type of malware to extract data from seized phones, allowing them to retrieve text messages, including messages from chat apps such as Signal.
On Wednesday, mobile cybersecurity company Lookout published a new report, shared exclusively with TechCrunch, detailing a hacking tool called Massistant.
According to Lookout, Massistant is Android software used for the forensic extraction of data from mobile phones, which means the authorities using it must have physical access to the devices. Lookout doesn't know for certain which Chinese police agencies are using the tool, but its use is assumed to be widespread, so both Chinese residents and travelers to China need to be aware of the tool's existence and the risks it poses.
“That's a big concern. I think anyone traveling in the region needs to be aware that the device they bring into the country could very well be confiscated, and anything that's on it could be collected,” Kristina Balaam, a researcher who analyzed the malware, told TechCrunch ahead of the report's release. “I think it's something everybody should be aware of if they're traveling in the region.”
Balaam found several posts on local Chinese forums where people complained about finding the malware installed on their devices after interacting with police.
“It seems to be pretty widely used, especially from what we've seen in the rumblings on these Chinese forums,” Balaam said.
According to the system description and photos on Xiamen Meiya Pico's website, the malware has to be planted on an unlocked device, and it works in tandem with a hardware tower connected to a desktop computer.
Balaam said Lookout was unable to analyze the desktop component, and the researchers could not find a version of the malware compatible with Apple devices. But Xiamen Meiya Pico's website shows an illustration of an iPhone connected to the forensic hardware device, suggesting there may be an iOS version of Massistant designed to extract data from Apple devices.
Rather than relying on a wealth of techniques such as zero-days (software or hardware flaws that have not yet been disclosed to the vendor), police simply tell people to hand over their phones, Balaam said, based on what she read on Chinese forums.
Since at least 2024, China's state security police have had the legal authority to search phones and computers without a warrant or an active criminal investigation.
“If someone is moving through a border checkpoint and their device is confiscated, they've got access to it,” Balaam said. “I don't think you'll see any real exploits from the lawful intercept tooling space just because they're not necessary.”
Screenshots of the mobile forensics hardware, taken from Xiamen Meiya Pico's official Chinese website. Image credit: Xiamen Meiya Pico
The good news, according to Balaam, is that Massistant leaves evidence of its presence: the hacking tool appears as an installed app, or it can be found and removed using more sophisticated tools such as Android Debug Bridge (ADB), a command-line tool that lets users connect to a device from their computer.
The bad news is that by the time the malware is installed, the damage is already done, and the authorities already have the person's data.
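One way to do the ADB check described above, as an added example that is not part of the Lookout report or the TechCrunch article: list the third-party (non-system) packages on the device together with the installer that put them there, and flag anything that did not come from the Play Store. The real Massistant package name is not given on this page, so the sample output below is constructed for illustration, and the `adb` calls assume a device with USB debugging enabled and the `adb` binary on your PATH.

```shell
#!/bin/sh
# Added example, not Lookout's or Xiamen Meiya Pico's code.
# Triage third-party Android packages from `pm list packages -3 -i` output and
# flag those whose installer is not the Google Play Store. Apps pushed over ADB
# or sideloaded typically show installer=null (or a shell/installer package),
# which is what a forensic agent planted on an unlocked phone would look like.

# Installer package id of the Google Play Store.
PLAY_STORE="com.android.vending"

# Read `pm list packages -3 -i` lines on stdin; print "<package>\t<installer>"
# for every package not installed by the Play Store.
flag_sideloaded() {
    while IFS= read -r line; do
        case "$line" in
            package:*) ;;       # only package lines are of interest
            *) continue ;;
        esac
        pkg=${line#package:}
        pkg=${pkg%% *}          # strip everything after the package name
        case "$line" in
            *installer=*) installer=${line##*installer=} ;;
            *) installer="null" ;;   # no installer field: treat as unknown
        esac
        if [ "$installer" != "$PLAY_STORE" ]; then
            printf '%s\t%s\n' "$pkg" "$installer"
        fi
    done
}

# Constructed sample of what `adb shell pm list packages -3 -i` prints.
# Package names are hypothetical; none is a known Massistant identifier.
SAMPLE='package:com.example.bank installer=com.android.vending
package:com.example.messenger installer=com.android.vending
package:com.example.unknown installer=null
package:com.example.pushed installer=com.android.shell'

# Offline demonstration on the constructed sample.
triage_sample() {
    printf '%s\n' "$SAMPLE" | flag_sideloaded
}

# Live usage against a connected device (assumed setup, not run here):
#   adb shell pm list packages -3 -i | flag_sideloaded
#   adb uninstall <package>    # remove a flagged package after reviewing it
```

The filter deliberately reports anything that is not Play-installed rather than matching a fixed list, because the page gives no package name to match on and a forensic agent may be renamed between versions; review each flagged package before uninstalling it, since legitimate enterprise or OEM-sideloaded apps will also appear. As the article notes, finding and removing the app does not undo the extraction that already happened.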
According to Lookout, Massistant is the successor to a similar mobile forensics tool made by Xiamen Meiya Pico, called MFSocket, which was analyzed by security researchers in 2019.
Xiamen Meiya Pico reportedly holds a 40% share of China's digital forensics market, and was sanctioned by the US government in 2021 for supplying its technology to the Chinese government.
The company did not respond to TechCrunch's request for comment.
Balaam said Massistant is one of many spyware or malware families made by Chinese surveillance-technology manufacturers, part of what she called a “big ecosystem.” The researcher said the company is tracking at least 15 different malware families in China.