Fake CODE4HK Mobile Application Attack
RISK: Medium Risk
TYPE: Attacks - Malware
A fake mobile application named CODE4HK, claiming to coordinate the Occupy Central pro-democracy movement, has circulated online since 16 Sep 2014.
Malicious behaviours were identified in a fake CODE4HK mobile application, which can cause information disclosure.
A security company discovered iOS spyware called Xsser, which was related to the fake CODE4HK attack campaign. The researcher mentioned that he had not uncovered information regarding the method or vector of attack. The spyware can be installed only on a jailbroken iOS device with the Cydia app.
- Information Disclosure
System / Technologies affected
- Android 4.x and prior
- [UPDATE 2014-10-03] Jailbroken iOS with Cydia app installed
Removal for Android
- Go to Settings > Apps on the device
- Find "code4hk" in the Downloaded list
- Click on "code4hk" to open the App info
- Click "Uninstall"
Prevention for Android
- Do NOT install application files (*.apk) from unknown sources
- Disable the "Unknown sources" option in Settings > Security on the device
[UPDATE 2014-10-03] Removal for iOS
- Reset and erase the iOS device
[UPDATE 2014-10-03] Prevention for iOS
- Do NOT jailbreak the iOS device
- Do NOT install applications from unknown sources
- No CVE information is available