Sites of Pro-Democracy Hong Kong Activists Infected with Spyware

Hackers have slipped malicious code into four sites championing democracy in Hong Kong likely to compromise the computers of browsing dissenters.

The political organizations, “especially those seeking increased levels of freedom, frequently find themselves targeted for surveillance and information extraction,” Steven Adair of security company Volexity wrote in a blog post.

The affected websites are the Alliance for True Democracy (ATD), the Democratic Party Hong Kong (DPHK), People Power in Hong Kong and The Professional Commons.

Adair recommended not visiting the sites, since some of the malicious activity is ongoing.

Activists have gathered on Hong Kong streets in the real world to protest restrictions China has placed on the territory’s 2017 elections.

The corrupt code injected into the ATD and DPHK sites links to a suspected malicious script from another domain, “java-se.com.” That site has been associated with malicious activity in the past.

The People Power in Hong Kong website now sports a malicious iframe that links to a Chinese URL-shortener address, which then redirects visitors to a malicious page hosted on a Hong Kong IP address.

It is believed that this assault was orchestrated by a different group than the one executing the “java-se.com” tactic.

The last website, The Professional Commons, contains fishy JavaScript that loads an iframe which links to the website of a hotel in South Korea. The iframe tries to load a webpage that no longer exists, indicating the hackers have halted their work.

“If it is actually malicious, it is possible the code could be reactivated at any time,” Adair wrote.