xRAT: Monitoring Chinese Interests Abroad With Mobile Surveillance-ware
2019-05-17, 15:30–16:30, Conf 2

The rapid evolution of targeted Android surveillance-ware has enabled China’s mobile arsenal to successfully compromise target devices for years - this talk dives into the xRAT family and its tools.

With mobile becoming the platform-of-choice for advanced threat actors regardless of their budget, this talk will take a closer look at a custom surveillance tool called xRAT, which has its roots in previously reported malware known as mRAT and Xsser. Both these early pieces of malware have been associated with attacks against pro-democracy activists in Hong Kong dating as far back as 2014. However, xRAT was rapidly being developed in mid 2017 and again in the second half of 2018, with a different focus.

Apurva Kumar is a security researcher at Lookout that spends most of her time
uncovering and exposing threats as they emerge in and around the mobile space. Her work
incorporates threat hunting, reverse engineering, and penetration testing. Apurva has also spoken at a number of cyber security meetups and conferences such as KW Security Meetup, DefCon416, TASK and RSA 2019.

Arezou Hosseinzad-Amirkhizi is a security researcher and reverse engineer with experience working in different domains of security. She has discovered software vulnerabilities and leaded threat intelligence and incident response teams. Since 2017, she's been with Lookout mobile security focusing on reversing mobile malware.