First iOS Trojan attack launches amid Hong Kong protests

An iOS Trojan called Xsser mRat is similar to an Android virus and appears to be a rare cross-platform attack. Target: Hong Kong protesters.

Security researchers claim to have discovered the first Apple iOS Trojan attack, one aimed at thwarting the communications of pro-democracy Hong Kong activists.

The virus, dubbed Xsser mRat, is related to a similar virus found on Android, according to Lacoon Mobile Security.

In a blog post, Lacoon said Xsser mRat is related to Android spyware that has already infected mobile users in Hong Kong. The spyware presents itself as a tool to help coordinate Hong Kong protesters, but then launches an attack.

Lacoon highlights the significance of a cross-platform mobile attack:

Cross-Platform attacks that target both iOS and Android devices are rare, and indicate that this may be conducted by a very large organization or nation state. The fact that this attack is being used against protesters and is being executed by Chinese-speaking attackers suggests it’s the first iOS Trojan linked to Chinese government cyber activity.

The Xsser mRAT is itself significant because it’s the first and most advanced, fully operational Chinese iOS Trojan found to date. Although it shows initial signs of being a targeted attack on Chinese protesters, the full extent of how Xsser mRAT is being used is anyone’s guess. It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies, or even entire governments.

The upshot here is that it wouldn't take much to take the cross-platform attack across borders. Android and iOS control nearly all of the smartphone OS market. The other takeaway is that Xsser mRat highlights a shift to targeting mobile devices over PCs.

Lacoon has a lot more in its blog post, but here's the Xsser mRat installation workflow.

[Image: Xsser mRat installation workflow]
