A new Trojan virus that only affects iOS devices was recently discovered by security researchers at Lacoon Mobile Security. As strange as this may sound, the virus was apparently created to target pro-democracy protesters in Hong Kong. The researches are calling the mobile remote access Tojan (mRAT) “Xsser” and are saying that it can steal valuable information from compromised iOS devices. More specifically, the virus is capable of stealing SMS, emails, usernames and passwords, instant messages, call logs and much more. The good news is that Xsser only appears to affect jailbroken iOS devices, although Lacoon wasn’t able to figure out how the devices got infected.
At the moment there is no way of telling who is behind these attacks, but the researches are suspecting the Chinese government. This assumption is based on the fact that only protesters seem to be targeted as far as they can tell. Indeed, that wouldn’t be all that surprising seeing as how the government also shut down Instagram a few days ago in an effort to keep photos of the Hong Kong protests from reaching the mainland. Now it looks like they are trying to steal information and may even resort to blocking communications among protesters. The real purpose of Xsser is still unknown, but Laccon says that this is the most sophisticated malware ever used against iOS users.
“It is the first time in history that you actually see an operationalized iOS Trojan that is attributed to some kind of Chinese entity,” said one of the Lacoon researchers. “It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies, or even entire governments.”