Xsser – Phone Virus Targets Hong Kong Protesters, Maybe More

 

First there was the Heartbleed bug, then just last week it was Shellshock, and now we have a new one – the Xsser virus. For decades it was just our computers and laptops that were being targeted by the cyber thieves, but with the advent of the smart phone and mobile internet use growing at ever increasing rates it was just a matter of time before the criminals shifted their nefarious focus.  Lacoon Mobile Security said on Tuesday that the Xsser virus is capable of stealing virtually anything and everything off of your Apple mobile – pictures, text messages, call logs, your passwords and even the exact location of the user! It isn’t totally clear yet but it seems that the highest exposure for Apple users is if you have a “jailbroken” device. Jailbreaking a device means ridding it of its carrier limitations, and people often do it to install third-party applications or customize the phone’s interface. The exact percentage of devices that are jailbroken isn’t known of course but estimates range from 10% to as high as 50% in some markets. This news come fresh on the heels of the announcement last week that Google’s Android system was the target of malware/spyware being deposited via the use of Whatsapp. A user will see a notice that says, “Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL!”  Occupy central being the name given to the current protests in Hong Kong against the pressure and influence coming from the Chinese government regarding the future elections.

 

Reuters was told, by Lacoon CEO Michael Shaulov, that Xsser is the most sophisticated malware used to date in any known cyberattack on iOS users.

 

“This is one the most interesting developments we have seen,” he said. “It’s the first real indication that really sophisticated guys are shifting from infecting PCs or laptops to going after iOS devices. …… It is the first time in history that you actually see an operationalized iOS Trojan that is attributed to some kind of Chinese entity,”

 

Accoring to Shaulov, the code used to control that server is written in Chinese. This, along with the sophistication of the attack and the fact it is being used to target protesters suggests that it is coming from an advanced attacker in China. On its blog, Lacoon went on to say that it is possible the attackers might have deployed the Trojan in other places, in addition to spying on pro-democracy protesters in Hong Kong.

 

“It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies, or even entire governments.”

 

The number of hacks and cyber attacks per day is ever increasing. There is an ongoing battle between the attackers and those being attacked and it seems that almost as quickly as developers find and solve one security soft spot the hackers develop another way in. If you need to have some perspective about just how massive this issue is, take a look at the Norse live attack tracker.

 

Norse 3

 

You can see in real time where attacks are coming from and who they are attacking. During a one hour sampling last week I tracked over 16,000 attacks! If we assume this was an average hour sample, then during a single day we would see nearly 400,000 cyber attacks. What is even more troubling is that this number is getting larger all the time.

 

attacks

 

So the battle continues. Hacks and cyber attacks are with us for the long term, so be careful. Minimize the amount of sensitive data you keep on your computer or device, don’t jailbreak your device, update your passwords on a regular basis and don’t ever download an app or a file unless you can have a high degree of confidence in it’s being secure. If you don’t exercise the proper amount of caution you can bet that sooner or later you will become a victim too.

You might also like