The pro-democracy protesters in Hong Kong have been targeted with an Android spyware disguised as an #OccupyCentral app, according to a team of security specialist known as Code4HK.
The fake app disguises as an Android app for tablets and smartphones. It seems the app has been developed to keep an eye and track #OccupyCentral pro-democracy protesters in Hong Kong.
Once installed, the app can read phone status and identity, reroute outgoing calls, read your text messages (SMS or MMS), receive text messages (SMS) record audio, read call logs, it can locate your approximate location (network-based), and precise location (GPS and network-based).
Lau Sau-yin, a spokeswoman for Occupy Central, said that it all started on Tuesday when activists received a message from an unknown number, containing link of the application. The message urged activists to check the Android app.
“Check out this Android app designed by Code4HK for the coordination of Occupy Central!”
The spokeswoman also said that the organisation has absolutely nothing to do with this spyware application. Code4HK coder group also denied any relation with the app.
“None of the Code4HK community has done any application on [Occupy Central] at the moment nor sent the message,” the statement read.
The South China Morning Post SCMP reports that a senior consultant from Hong Kong Computer Emergency Response Team Coordination Centre, Mr Siu Cheong Leung said that,
“It’s a malware with spy behavior. “On the face it is not suspicious,” he added. “However once it is installed, it will unpack data from itself to install a second mobile app, which then connects to a server based in South Korea. “
Code4HK suggested the application was generic spyware.
“I agree it looks quite off the shelf, not specialised for us,” said Vincent Lau Chun-yin, a member of the group.
The group of coders was not able to immediately identify the origin of the spyware. So protesters in Hong Kong keep your eyes and ears open.