Chinese Authorities Using New Malware to Extract Data from Seized Phones
Security researchers have uncovered a new type of malware being used by Chinese authorities to extract data from seized phones. This hacking tool, known as Massistant, allows officials to access text messages, images, location histories, audio recordings, contacts, and more, including data from encrypted chat apps like Signal.
According to a report from mobile cybersecurity company Lookout, the malware was developed by Chinese tech giant Xiamen Meiya Pico. Massistant is Android software designed for forensic data extraction from mobile devices, requiring physical access to the targeted phones. While the specific Chinese police agencies using the tool remain unknown, its widespread use raises concerns for both Chinese residents and travelers to China.
Researcher Kristina Balaam, who analyzed the malware, emphasized the importance of awareness among individuals traveling to the region. She noted that reports from Chinese forums indicate the widespread deployment of Massistant, with users discovering the malware on their devices following interactions with law enforcement.
Massistant is typically installed on unlocked devices and operates in conjunction with a hardware tower connected to a desktop computer. While Lookout could not analyze the desktop component, Xiamen Meiya Pico’s website suggests the existence of an iOS version of the malware for extracting data from Apple devices.
Notably, Chinese state security police have had legal authority to search through phones and computers without a warrant or an active criminal investigation since at least 2024. Balaam highlighted that individuals crossing border checkpoints in China may be required to grant access to their devices, enabling authorities to extract data using tools like Massistant.
While the malware leaves traces of compromise on seized devices, enabling potential detection and removal, the damage is already done at the time of installation. Lookout identified Massistant as the successor to a previous tool called MSSocket, also developed by Xiamen Meiya Pico.
Xiamen Meiya Pico, a major player in the Chinese digital forensics market, was sanctioned by the U.S. government in 2021 for supplying technology to the Chinese government. The company did not respond to requests for comment on the use of Massistant.
Balaam highlighted the existence of a broader ecosystem of spyware and malware developed by Chinese surveillance tech companies, with Lookout tracking at least 15 different malware families in China.