Disguised spyware in the form of an Android app surfaced in an attack against pro-democracy protestors in Hong Kong. Beginning on Tuesday, activists under the moniker of the Occupy Central movement began receiving messages from an unknown number encouraging them to download the #OccupyCentral app. Code4HK, a team of security specialists, were falsely sited as the designers for the fake app, which presumably uses their group's name to appear authentic.
Touting itself as a method to help Occupy Central protestors coordinate and communicate, once installed the spyware can read phone status and identity, reroute outgoing calls, read and receive text messages and determine the users location.
Lau Sau-yin, an Occupy Central spokesperson, told the media that the organisation had nothing to do with the app or the messages that activists received, and Code4HK also denied involvement, telling the press that, in fact, the generic spyware “looks quite off the shelf.”
As of yet, authorities have been unable to identify the source of the spyware.