October 06, 2014

Press Note: Hong Kong Protests, Mobile Malware, and the People's Liberation Army

By Amy Chang

Washington, October 6 – Center for a New American Security Analyst Amy Chang has written a Press Note on the People’s Liberation Army (PLA) practice of spreading malware on the mobile devices of the Occupy Hong Kong protestors.

Ms. Chang is available for interviews on the subject. To arrange an interview, please contact Neal Urwitz at nurwitz@cnas.org, or call 202-457-9409.
Please find the Press Note below:

China has employed a remote access trojan (RAT) on mobile devices in Hong Kong, targeting protestors of the Occupy Central/Occupy Hong Kong movement. The trojan, called Xsser mRAT, can collect information on devices such as “SMS, email, and instant messages, and can also reveal location data, usernames and passwords, call logs and contact information.”

This development is important for a number of reasons:

  1. Whether the trojan uses the information it collects to determine upcoming developments in Hong Kong, find particular people of interest, or discern protest dynamics, it indicates how China desires to understand the activity on the ground at Occupy.
  2. It indicates that mobile device-saturated societies are particularly susceptible to these types of information security compromises: higher rates of mobile device usage and relative immaturity of user awareness and precaution against potential mobile threats mean a greater number of possible infection points.
  3. The deployment of this trojan serves as an effective test bed for other scenarios where China and the People’s Liberation Army (PLA) may employ similar technology. This could mean its use in other unstable situations, namely Xinjiang (where there is significant focus on counterterrorism), Tibet, and Taiwan.
  4. That the malware can target both iOS and Android devices shows significant progress in China’s ability to infiltrate technologies across platforms.
  5. PLA connections to the development of the malware indicate that China employs the PLA not only for potential foreign scenarios, but also for domestic political/security circumstances.
  6. Depending on the success of Xsser mRAT, the development and proliferation of mobile malware that can send potentially sensitive economic, financial or military information to competitors such as China could have major economic and national security implications for the United States.

