Chinese Mobile Forensic Tooling Discovered
Essential information
- Published
- 18/07/2025 07:35
- Modified
- 18/07/2025 08:51
- Tags
- 2025-07-18 data collection law-enforcement mfsocket mobile forensics surveillance travel security
- Related entities
- 6 observables, 1 intrusion sets (apt), 2 malware, 4 others
Description
Lookout Threat Lab has uncovered a mobile forensics application called Massistant, used by Chinese law enforcement to extract extensive data from mobile devices. Believed to be the successor of MFSocket, Massistant requires physical access to install and is not distributed through official app stores. It collects sensitive information including GPS data, SMS messages, images, audio, contacts, and phone services. The tool is associated with Xiamen Meiya Pico Information Co., Ltd., a Chinese technology company controlling a significant portion of China's digital forensics market. Massistant introduces new features like Accessibility Services to bypass device security prompts and support for additional messaging apps. The discovery raises concerns about data privacy for travelers to China, as law enforcement can potentially access and analyze confiscated devices without a warrant.