More Information
- Fake Occupy Central app targets activists’ smartphones
- [突發] 假佔中app
- fake-code4hk-app
- Matthew Rudy Jacobs
- Code for Hong Kong on Facebook
First published: 17th September 2014
Messaging service WhatsApp was used to distribute links to an Android app that claimed to be for coordination of the Occupy Central protest. The app was supposedly created by Code4HK, a group with the aim of using programming to improve government transparency, but the link was distributed from an unknown phone number.
The link points to a server code4hk.vicp.cc, 101.55.121.36 located in South Korea. The second-level domain name, vicp.cc is registered to Shanghai Best Oray Information S&T Co.,Ltd. in Guangzhou.
The app was decompiled by Matthew Rudy Jacobs who reported that the app is designed to:
- Hijack the QQ app
- Capture outgoing call information and record the calls
- Use Baidu to gather location data
- Report to a remote server, "61.36.11.75", located in South Korea
The evidence so far suggests that unknown attackers are spreading this malware to spy on pro-democracy activists in Hong Kong.