Chinese Mobile Forensic Tooling Discovered
July 18, 2025, 8:51 a.m.
Description
Lookout Threat Lab has uncovered a mobile forensics application called Massistant, used by Chinese law enforcement to extract extensive data from mobile devices. Believed to be the successor to MFSocket, Massistant requires physical access to the device to install and is not distributed through official app stores. It collects sensitive information including GPS data, SMS messages, images, audio, contacts, and phone services. The tool is associated with Xiamen Meiya Pico Information Co., Ltd., a Chinese technology company that controls a significant portion of China's digital forensics market. Massistant introduces new features, such as the use of Accessibility Services to bypass device security prompts and support for additional messaging apps. The discovery raises concerns about data privacy for travelers to China, as law enforcement can potentially access and analyze confiscated devices without a warrant.
Date
- Created: July 18, 2025, 7:35 a.m.
- Published: July 18, 2025, 7:35 a.m.
- Modified: July 18, 2025, 8:51 a.m.
Indicators
Attack Patterns
- MFSocket
- Massistant
- Meiya Pico
Additional Information
- Technology
- Government
- China
- Russian Federation