Chinese authorities are using a new tool to hack seized phones and extract data

Recent findings from cybersecurity experts reveal that Chinese officials are employing a sophisticated new malware to extract sensitive data from confiscated mobile devices. This tool can access a wide array of information, including text messages from popular chat applications like Signal, as well as images, audio recordings, location histories, and contact lists. The mobile security firm Lookout released a detailed report on this hacking tool, named Massistant, which is reportedly developed by the Chinese tech company Xiamen Meiya Pico. Massistant operates as forensic software for Android devices, requiring authorities to have physical access to the targeted smartphones. While the exact police agencies utilizing Massistant remain unidentified, its widespread use raises concerns for both local citizens and international travelers in China. Kristina Balaam, a researcher at Lookout, emphasized the importance of awareness, stating that anyone entering the region should be cautious about their devices potentially being confiscated and the data extracted. Balaam's investigation uncovered numerous complaints on Chinese online forums from users who discovered this malware on their devices following police encounters. The malware must be installed on an unlocked phone and works in conjunction with a hardware tower linked to a desktop computer, as depicted on Xiamen Meiya Pico’s website. Although Lookout could not analyze the desktop component of Massistant or confirm its compatibility with Apple devices, the company’s website suggests there may be an iOS version intended for data extraction from iPhones. The ease of access to Massistant is alarming, as users often voluntarily hand over their phones, negating the need for complex hacking techniques. Since 2024, China’s state security police have been empowered to search electronic devices without a warrant or active investigation, further complicating the privacy landscape. While the presence of Massistant can leave traces on the affected device, allowing users to potentially remove the malware, the initial data compromise occurs as soon as the tool is installed. Lookout noted that Massistant is the successor to a prior tool, MSSocket, also developed by Xiamen Meiya Pico, which has a significant market share in digital forensics within China and faced U.S. sanctions for its ties to the Chinese government in 2021. Balaam pointed out that Massistant is part of a broader ecosystem of spyware and malware developed by Chinese surveillance technology companies, with Lookout monitoring at least 15 distinct malware families in the region.