Sophisticated iPhone and Android malware is spying on Hong Kong protesters

[techbeck]

A fake smartphone app is being used to remotely monitor pro-democracy protesters in Hong Kong, according to a report from the New York Times. Researchers from Lacoon Mobile Security say the phishing scam is spreading across the messaging application WhatsApp, through texts that read: "Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL!", along with a link to download software. Lacoon says the software, once downloaded, can access a user's personal data, including phone calls, text messages, and the physical location of their smartphone. Code4HK ? a developer community that has helped to spread information about the protests ? tells the Times it had nothing to do with the texts.

 

The origin of the scam remains unknown, but Lacoon CEO Michael Shaulov says the Chinese government is likely behind it, given the location of the servers and the sophistication of the operation. The company traced it to a computer that they say is similar to those that the Chinese government allegedly used to launch cyberattacks against US targets last year. The spread of the app remains equally unclear, though Shaulov says it was downloaded by one out of every ten phones that received the fake message, and, notably, that it has affected both Android and iOS users alike.

 

More...

http://www.theverge.com/2014/10/1/6877377/sophisticated-iphone-and-android-malware-is-spying-on-hong-kong

[Max Norris]

Even after many years of warnings it's sad that people still fall for the random "check out this download" scam.  Best security suite in the world can't protect you from yourself, ugh.