<Thread> China spies on fellow citizens with the help of private enterprise. Here is an example. 1/18
By playing with the parameters of the URL, we can find 2 other applications. The links on the page can be translated: "Download Public Security Check", "Download Public Security Project". 8/18 http://47.93.5.238:8081/APP/
Thanks to VirusTotal I managed to get 6 different additional samples. I will analyse these applications in a next thread, this one is already super long. 9/18
The IP address 47.93.5.238 corresponds to http://bxaq.landaitap.com . Whois information shows that this domain has been registered with a landasoft address. 10/18 pic.twitter.com/1hh5t2Nezo
According to @Bloomberg, Shanghai Landasoft Data Technology Inc. designs and develops prepackaged software solutions for data management and analysis; human management; and criminal suspects trajectory and intelligence analysis. 11/18 https://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapId=417407133 …
Moreover, did you notice the itap in the URL? iTAP is a "product" of Landasoft. Here is the video presentation available on their website. Take the time to watch the full video and then think about the implications. 12/18 pic.twitter.com/b9U91rAgm1
If you want to know more about iTAP and how it's used, you can check the case center. 13/18 http://www.landasoft.com/html/class/dsjfx/itapalzx/index.html …
By analyzing the APKs found previously, we can find the iTAP backend which is accessible only on mobile. 14/18 pic.twitter.com/7eCJVevT7n
Take the time to zoom in on the banners, to observe the number of logos. It's frightening... 15/18 pic.twitter.com/BLp2xBD7WA
From this site you can download 2 files called ITAP_x32 and ITAP_x64. These archives contain an exe file detected as Trojan.Win32.KillProc.eljgui by NANO-Antivirus. 16/18 https://www.virustotal.com/#/file/e9ab71b4a57a3f9011cbc5aaba846ab5361f09208810ead1360861c69e5071bb/detection …
This exe file will install a modified version of Chrome. If you are a reverse engineer specialized in this field, can you analyze this file? Your help will be super appreciated. 17/18 pic.twitter.com/HkTT0XyboC