Chinese Authorities Using New Massistant Malware to Extract Data from Seized Phones, Security Report Reveals
A new cybersecurity report has revealed that Chinese authorities are using a powerful malware tool called Massistant to extract sensitive data from seized Android smartphones. Developed by Chinese digital forensics firm Xiamen Meiya Pico, the Massistant malware allows police agencies to access private information such as:
- Text messages, including those from encrypted chat apps like Signal
- Photos and videos
- Location history
- Audio recordings
- Contact lists
What Is Massistant Malware?
Massistant is forensic extraction software that requires physical access to a device. Security researchers at mobile cybersecurity firm Lookout published a detailed report on Wednesday, warning travellers and residents in China of the tool’s capabilities. According to Lookout, Massistant must be manually installed on unlocked Android devices. Once installed, it connects with a desktop computer via specialised hardware produced by Xiamen Meiya Pico.
How Does Massistant Work?
- Physical Access Required: Authorities must have control of your unlocked phone.
- Works with Forensic Hardware: Massistant connects to a forensic tower and desktop computer.
- No Zero-Day Exploits Needed: Chinese police agencies rely on legal powers, not sophisticated hacking, as citizens must surrender devices at checkpoints.
- Leaves Evidence Behind: Massistant shows up as an app or can be detected using Android Debug Bridge (ADB).
Who Is At Risk?
Kristina Balaam, the Lookout researcher who led the malware analysis, emphasised that both Chinese citizens and travellers to China should be cautious:
“It’s a big concern. Anybody traveling in the region needs to be aware that the device they bring into the country could very well be confiscated and anything on it could be collected.”
Balaam added that posts on Chinese forums show everyday users complaining about finding the malware installed after interactions with the police.
Massistant: Successor to MSSocket Malware
Massistant is reportedly a successor to an earlier tool called MSSocket, analysed by security researchers in 2019. Xiamen Meiya Pico, the company behind both tools, controls roughly 40% of China’s digital forensics market and was sanctioned by the U.S. government in 2021 for its role in supporting Chinese government surveillance.
- Company: Xiamen Meiya Pico
- Previous Tool: MSSocket (2019)
- Market Share: 40% of China’s digital forensics market
- U.S. Sanctions: Imposed in 2021
Massistant for iPhones?
While Lookout researchers did not find a version of Massistant compatible with iOS, Xiamen Meiya Pico’s website shows iPhones connected to its forensic hardware. This suggests there may be an undisclosed iOS version under development or already in use.
What Data Can Massistant Access?
- Chat apps like Signal and WhatsApp
- SMS and call logs
- Images and videos
- GPS location history
- Microphone recordings
- Contacts and call history
How Can You Detect and Remove Massistant?
Although the malware requires physical access to install, users can check for its presence:
- Look for unknown apps or processes in the device settings.
- Use tools like Android Debug Bridge (ADB) to scan for unauthorised installations.
- Factory reset your device after returning from travel if you suspect tampering.
However, Balaam warns:
“At the time of installation, the damage is already done. Authorities have already accessed the device’s data.”
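The ADB check mentioned above works best as a before-and-after comparison of the device's third-party package list. The script below is an added example, not taken from the Lookout report or from this article; the helper names and the sample package names are constructed for illustration, since the article gives no package name for Massistant.

```shell
#!/bin/sh
# Added example: diff third-party package lists captured before and after travel.
# On a real device, capture each list with standard Android tooling:
#   adb shell pm list packages -3 -i > before.txt   (later: > after.txt)
# Usage: script.sh before.txt after.txt   (no arguments: runs on constructed samples)

# Turn "package:<name>  installer=<src>" lines into "<name> <src>".
parse_packages() {
    tr -d '\r' | awk '/^package:/ {
        name = $1; sub(/^package:/, "", name)
        src = "unknown"
        for (i = 2; i <= NF; i++)
            if ($i ~ /^installer=/) { src = $i; sub(/^installer=/, "", src) }
        print name, src
    }'
}

# Packages present in the "after" capture ($2) but absent from the baseline ($1).
new_since_baseline() {
    before=$(mktemp); after=$(mktemp)
    parse_packages < "$1" | cut -d' ' -f1 | LC_ALL=C sort -u > "$before"
    parse_packages < "$2" | cut -d' ' -f1 | LC_ALL=C sort -u > "$after"
    LC_ALL=C comm -13 "$before" "$after"
    rm -f "$before" "$after"
}

# Packages whose recorded installer is not the Play Store (sideloaded or unknown).
sideloaded() {
    parse_packages < "$1" | awk '$2 != "com.android.vending" { print $1 }'
}

# Constructed sample captures (hypothetical package names) written into directory $1.
write_samples() {
    printf 'package:%s  installer=%s\n' org.example.chat com.android.vending \
        com.example.maps com.android.vending > "$1/before.txt"
    { cat "$1/before.txt"
      printf 'package:%s  installer=%s\n' com.example.unknowntool null; } > "$1/after.txt"
}

if [ $# -eq 2 ]; then b=$1; a=$2
else d=$(mktemp -d); write_samples "$d"; b=$d/before.txt; a=$d/after.txt; fi
echo "New since baseline:";  new_since_baseline "$b" "$a"
echo "Not from Play Store:"; sideloaded "$a"
```

A clean result only shows that no new package is currently listed; it says nothing about data already copied from the device.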
Why This Matters for Travellers and Residents
Since 2024, Chinese state security police have been legally allowed to search phones and computers without a warrant. This makes the risk especially high for:
- Journalists
- Business travellers
- Researchers
- Activists
Anyone passing through Chinese border checkpoints may be required to unlock and hand over their devices.
A Growing Malware Ecosystem in China
Massistant is just one of at least 15 malware families tracked by Lookout in China. According to Balaam, Chinese surveillance technology companies operate in a large, competitive ecosystem focused on developing new spyware and digital forensics tools.