\n<\/p>\n
Security researchers say Chinese authorities are using a new type of malware to extract data from seized phones, allowing them to obtain text messages \u2014 including from chat apps such as Signal \u2014 images, location histories, audio recordings, contacts, and more.<\/p>\n
On Wednesday, mobile cybersecurity company Lookout published a new report \u2014 shared exclusively with TechCrunch \u2014 detailing the hacking tool called Massistant, which the company said was developed by Chinese tech giant Xiamen Meiya Pico.<\/p>\n
Massistant, according to Lookout, is Android software used for the forensic extraction of data from mobile phones, meaning the authorities using it need to have physical access to those devices. While Lookout doesn\u2019t know for sure which Chinese police agencies are using the tool, its use is assumed widespread, which means both Chinese residents, as well as travelers to China, should be aware of the tool\u2019s existence and the risks it poses.<\/p>\n
\u201cIt\u2019s a big concern. I think anybody who\u2019s traveling in the region needs to be aware that the device that they bring into the country could very well be confiscated and anything that\u2019s on it could be collected,\u201d Kristina Balaam, a researcher at Lookout who analyzed the malware, told TechCrunch ahead of the report\u2019s release. \u201cI think it\u2019s something everybody should be aware of if they\u2019re traveling in the region.\u201d<\/p>\n
Balaam found several posts on local Chinese forums where people complained about finding the malware installed on their devices after interactions with the police.\u00a0<\/p>\n
\u201cIt seems to be pretty broadly used, especially from what I\u2019ve seen in the rumblings on these Chinese forums,\u201d said Balaam.<\/p>\n
The malware, which must be planted on an unlocked device, and works in tandem with a hardware tower connected to a desktop computer, according to a description and pictures of the system on Xiamen Meiya Pico\u2019s website<\/a>.<\/p>\n Balaam said Lookout couldn\u2019t analyze the desktop component, nor could the researchers find a version of the malware compatible with Apple devices. In an illustration on its website, Xiamen Meiya Pico shows iPhones connected to its forensic hardware device, suggesting the company may have an iOS version of Massistant designed to extract data from Apple devices.<\/p>\n Police do not need sophisticated techniques to use Massistant, such as using zero-days<\/a> \u2014 flaws in software or hardware that have not yet been disclosed to the vendor \u2014 as \u201cpeople just hand over their phones,\u201d said Balaam, based on what she\u2019s read on those Chinese forums.<\/p>\n Since at least 2024, China\u2019s state security police<\/a> have had legal powers to search through phones and computers without needing a warrant or the existence of an active criminal investigation.\u00a0<\/p>\n \u201cIf somebody is moving through a border checkpoint and their device is confiscated, they have to grant access to it,\u201d said Balaam. \u201cI don\u2019t think we see any real exploits from lawful intercept tooling space just because they don\u2019t need to.\u201d<\/p>\n The good news, per Balaam, is that Massistant leaves evidence of its compromise on the seized device, meaning users can potentially identify and delete the malware, either because the hacking tool appears as an app, or can be found and deleted using more sophisticated tools such as the Android Debug Bridge<\/a>, a command line tool that lets a user connect to a device through their computer.\u00a0<\/p>\n The bad news is that at the time of installing Massistant, the damage is done, and authorities already have the person\u2019s data.\u00a0<\/p>\n According to Lookout, Massistant is the successor of a similar mobile forensic tool, also made by Xiamen Meiya Pico, called MSSocket<\/a>, which security researchers analyzed<\/a> in 2019.\u00a0<\/p>\n Xiamen Meiya Pico reportedly has a 40% share of the digital forensics market in China, and was sanctioned by the U.S. government in 2021<\/a> for its role in supplying its technology to the Chinese government.\u00a0<\/p>\n The company did not respond to TechCrunch\u2019s request for comment.<\/p>\n Balaam said that Massistant is only one of a large number of spyware or malware made by Chinese surveillance tech makers, in what she called \u201ca big ecosystem.\u201d The researcher said that the company tracks at least 15 different malware families in China.<\/p>\n<\/div>\n