Security researchers say Chinese authorities are using a new type of malware to extract data from seized phones, allowing them to obtain text messages — including from chat apps such as Signal — images, location histories, audio recordings, contacts, and more.

On Wednesday, mobile cybersecurity company Lookout published a new report — shared exclusively with TechCrunch — detailing the hacking tool called Massistant, which the company said was developed by Chinese tech giant Xiamen Meiya Pico.

Massistant, according to Lookout, is Android software used for the forensic extraction of data from mobile phones, meaning the authorities using it need to have physical access to those devices. While Lookout doesn’t know for sure which Chinese police agencies are using the tool, its use is assumed widespread, which means both Chinese residents, as well as travelers to China, should be aware of the tool’s existence and the risks it poses.

“It’s a big concern. I think anybody who’s traveling in the region needs to be aware that the device that they bring into the country could very well be confiscated and anything that’s on it could be collected,” Kristina Balaam, a researcher at Lookout who analyzed the malware, told TechCrunch ahead of the report’s release. “I think it’s something everybody should be aware of if they’re traveling in the region.”

Balaam found several posts on local Chinese forums where people complained about finding the malware installed on their devices after interactions with the police. 

“It seems to be pretty broadly used, especially from what I’ve seen in the rumblings on these Chinese forums,” said Balaam.

The malware, which must be planted on an unlocked device, and works in tandem with a hardware tower connected to a desktop computer, according to a description and pictures of the system on Xiamen Meiya Pico’s website.

Balaam said Lookout couldn’t analyze the desktop component, nor could the researchers find a version of the malware compatible with Apple devices. In an illustration on its website, Xiamen Meiya Pico shows iPhones connected to its forensic hardware device, suggesting the company may have an iOS version of Massistant designed to extract data from Apple devices.

Police do not need sophisticated techniques to use Massistant, such as using zero-days — flaws in software or hardware that have not yet been disclosed to the vendor — as “people just hand over their phones,” said Balaam, based on what she’s read on those Chinese forums.

Since at least 2024, China’s state security police have had legal powers to search through phones and computers without needing a warrant or the existence of an active criminal investigation. 

“If somebody is moving through a border checkpoint and their device is confiscated, they have to grant access to it,” said Balaam. “I don’t think we see any real exploits from lawful intercept tooling space just because they don’t need to.”

The good news, per Balaam, is that Massistant leaves evidence of its compromise on the seized device, meaning users can potentially identify and delete the malware, either because the hacking tool appears as an app, or can be found and deleted using more sophisticated tools such as the Android Debug Bridge, a command line tool that lets a user connect to a device through their computer. 

The bad news is that at the time of installing Massistant, the damage is done, and authorities already have the person’s data. 

According to Lookout, Massistant is the successor of a similar mobile forensic tool, also made by Xiamen Meiya Pico, called MSSocket, which security researchers analyzed in 2019. 

Xiamen Meiya Pico reportedly has a 40% share of the digital forensics market in China, and was sanctioned by the U.S. government in 2021 for its role in supplying its technology to the Chinese government. 

The company did not respond to TechCrunch’s request for comment.

Balaam said that Massistant is only one of a large number of spyware or malware made by Chinese surveillance tech makers, in what she called “a big ecosystem.” The researcher said that the company tracks at least 15 different malware families in China.

Meta has fixed a security bug that allowed Meta AI chatbot users to access and view the private prompts and AI-generated responses of other users.

Sandeep Hodkasia, the founder of security testing firm Appsecure, exclusively told TechCrunch that Meta paid him $10,000 in a bug bounty reward for privately disclosing the bug he filed on December 26, 2024. 

Meta deployed a fix on January 24, 2025, said Hodkasia, and found no evidence that the bug was maliciously exploited.

Hodkasia told TechCrunch that he identified the bug after examining how Meta AI allows its logged-in users to edit their AI prompts to re-generate text and images. He discovered that when a user edits their prompt, Meta’s back-end servers assign the prompt and its AI-generated response a unique number. By analyzing the network traffic in his browser while editing an AI prompt, Hodkasia found he could change that unique number and Meta’s servers would return a prompt and AI-generated response of someone else entirely.

The bug meant that Meta’s servers were not properly checking to ensure that the user requesting the prompt and its response was authorized to see it. Hodkasia said the prompt numbers generated by Meta’s servers were “easily guessable,” potentially allowing a malicious actor to scrape users’ original prompts by rapidly changing prompt numbers using automated tools.

When reached by TechCrunch, Meta confirmed it fixed the bug in January and that the company “found no evidence of abuse and rewarded the researcher,” Meta spokesperson Ryan Daniels told TechCrunch.

News of the bug comes at a time when tech giants are scrambling to launch and refine their AI products, despite many security and privacy risks associated with their use.

Meta AI’s standalone app, which debuted earlier this year to compete with rival apps like ChatGPT, launched to a rocky start after some users inadvertently publicly shared what they thought were private conversations with the chatbot. 

Meta and Mark Zuckerberg are in a hurry to build their superintelligence tech. The company has been poaching AI researchers, while CEO Mark Zuckerberg announced on Monday that Meta is building a 5-gigawatt data center called Hyperion.

The urgency is palpable. As SemiAnalysis reported last week and Business Insider noted, Meta is so eager to boost its computing power that it’s literally erecting tents for temporary data center capacity while its facilities are still under construction.

These are all signs that Meta wants to build up its AI capacity faster after falling behind competitors like OpenAI, xAI, and Google — and that Zuckerberg isn’t willing to wait for typical construction timelines to close the gap.

“This design isn’t about beauty or redundancy. It’s about getting compute online fast!” SemiAnalysis said in its report. “From prefabricated power and cooling modules to ultra-light structures, speed is of the essence as there is no backup generation (ie, no diesel generators in sight),” it added.

As for its Hyperion data center, Meta spokesperson Ashley Gabriel tells TechCrunch that it will be located in Louisiana and will likely have a capacity of 2 gigawatts by 2030.