Chinese Authorities Use New Tool to Hack Seized Phones, Extract Data

Security researchers have uncovered a new type of malware used by Chinese authorities to extract data from seized phones. The hacking tool, called Massistant, is developed by Xiamen Meiya Pico, a Chinese tech giant, and allows the authorities to obtain text messages, images, location histories, audio recordings, contacts, and more.

According to mobile cybersecurity company Lookout, which detailed the hacking tool in a report shared exclusively with TechCrunch, Massistant is Android software used for forensic extraction of data from mobile phones. This means that Chinese authorities using it need to have physical access to those devices.

The Risks Posed by Massistant

"It's a big concern," says Kristina Balaam, a researcher at Lookout who analyzed the malware. "I think anybody who's traveling in the region needs to be aware that the device they bring into the country could very well be confiscated and anything that's on it could be collected."

How Massistant Works

Balaam found several posts on local Chinese forums where people complained about finding the malware installed on their devices after interactions with the police. The malware must be planted on an unlocked device, and works in tandem with a hardware tower connected to a desktop computer.

"The system is pretty basic," says Balaam. "It's not like they need sophisticated techniques to use it. They just hand over their phones, and that's all they need."

Why Massistant Matters

Since at least 2024, China's state security police have had legal powers to search through phones and computers without needing a warrant or an active criminal investigation.

"If somebody is moving through a border checkpoint and their device is confiscated, they have to grant access to it," says Balaam. "I don't think we see any real exploits from lawful intercept tooling space just because they don't need to."

Leaving Evidence of Compromise

On the other hand, Massistant leaves evidence of its compromise on the seized device, meaning users can potentially identify and delete the malware, either by finding it listed as an app or by using more sophisticated tools like the Android Debug Bridge.

"The bad news is that at the time of installing Massistant, the damage is done, and authorities already have the person's data," says Balaam.

The Ecosystem of Chinese Surveillance Tech Makers

Balaam said that Massistant is only one of a large number of spyware and malware tools made by Chinese surveillance tech makers, in what she called "a big ecosystem." Lookout tracks at least 15 different malware families in China.

What It Means for Travelers

"I think it's something everybody should be aware of if they're traveling in the region," says Balaam. "It's a concern, and I would advise anyone to take precautions when using their devices abroad."

The Company Behind Massistant: Xiamen Meiya Pico

Xiamen Meiya Pico is a Chinese tech giant that has been sanctioned by the U.S. government for its role in supplying technology to the Chinese government.

The company reportedly has a 40% share of the digital forensics market in China and has developed several mobile forensic tools, including Massistant and MSSocket.