The iOS malware is identified as Xsser mRATand is said to be affecting the iPhone and iPad OS. Owners of the affected Apple devices are the people from Hong Kong who are currently staging a pro-democracy protest.
According to Lacoon Mobile Security, a cyber-security firm, the iOS virus was identified as a result of a spyware-focused investigation on Android equipment. The virus is said to be capable of stealing the user's personal details from his Apple device such as contacts, passwords and images.
Since the attack encompasses both devices of iOS and Android, the security firm has deduced that the cross-platform attack is staged by a huge organization or nation state.
"The Xsser mRAT is itself significant because it's the first and most advanced, fully operational Chinese iOS Trojan found to date. Although it shows initial signs of being a targeted attack on Chinese protesters, the full extent of how Xsser mRAT is being used is anyone's guess," said by the firm in a blog post.
The people in Hong Kong have been staging massive demonstrations after China declared that it would only allow those candidates who were approved by the nation to run in the 2017 election of the territory's chief executive. Activists demanded that China should allow Hong Kong to have an election without any restrictions.
It should be remembered that in 1997, Britain ceded Hong Kong back to China. The mother country promised Hong Kong that the territory can continue to enjoy some of the freedom it earned under the British. One of these include democratic elections.
The malicious spyware is purportedly disguised as a protest coordinating app that targeted both Android and iOS devices. Such type of malware which takes advantage of current local events is not a common occurrence. Security experts have noted in the past of some programs which were speculated to have been created in order to track activists and dissidents.
The discovered Xsser mRAT malware steals data from Tencent, a Chinese messaging app and passwords from the iOS keychain services.
"It's the first time in the industry that we've actually see such a sophisticated Trojan," said Lacoon CEO Michael Shaulov.
Other reports say that some of the protesters received a message in WhatsApp which was an invitation to download an Android app that is disguised as a coordinating app of the Hong Kong movement. The message came from an unknown mobile number and reads 'Check out this Android app designed by Code4HK, group of activist coders, for the coordination of Occupy Central!' The pro-democracy movement, dubbed as 'Occupy Hong Kong with Peace and Love,' denied releasing the app. Likewise, Code4HK said that it had no relation with the malware-embedded application.
