Mobile Forensics Tool Used by Chinese Law Enforcement Dissected

The application is believed to be the successor of MFSocket, a tool that was analyzed in 2019, and which was used by the country’s police for the same purposes.

Both applications require physical access to the device to be installed, and are developed by Chinese surveillance specialist Xiamen Meiya Pico Information, which was sanctioned by the US government in December 2021.

Between 2019 and 2023, after MFSocket was ousted and analyzed, Lookout collected multiple Massistant samples signed with Android certificates referencing Meiya Pico. Together with forum posts mentioning the new tool, this suggests that Massistant is a replacement for MFSocket.

Both work in tandem with desktop forensics software to retrieve information from mobile devices, and appear to establish a connection over a port forwarding service.

To read the complete article see: Mobile Forensics Tool Used by Chinese Law Enforcement Dissected

:warning: Note: The opinions expressed in the posted news items do not necessarily reflect the views of Team Cymru.