China Warns Public of Fake Police Apps Spreading Trojan Malware

China’s National Cybersecurity Reporting Center has issued an urgent warning about a malicious mobile application impersonating the country’s public security services, urging citizens to take immediate precautions against a Trojan malware campaign designed to steal payment information and seize remote control of infected devices.

The warning, published on June 18, 2026, via the center’s official WeChat account, was promptly circulated by major state media outlets including CCTV News and China News Service.

The Malicious App

The fake application masquerades as “公安一网通办” (Public Security One-Stop Service), a legitimate government service app operated by China’s Ministry of Public Security. It is being distributed through the domain 110GongAn.com, hosted at IP address 207.56.30.188 — a domain name designed to appear authentic by incorporating “110,” China’s police emergency number, and “GongAn,” the Chinese term for public security.

According to the National Cybersecurity Reporting Center, the app’s installation package contains an embedded Trojan program that uses social engineering tactics to trick users into downloading and installing it. Once installed, the malware can:

• Steal payment information from the device
• Enable remote control of the infected device by attackers
• Gain unauthorized access to device permissions
• Conduct espionage and data theft

“Once users download and install the app on their mobile devices, attackers can control the user’s terminal device, obtain corresponding access permissions, and carry out espionage and other attacks,” the center warned in its official statement.

Broader Cybersecurity Context

The warning comes amid China’s ongoing and intensifying campaign against cyber fraud. In 2025 alone, Chinese public security authorities solved approximately 258,000 telecom and online fraud cases under the Anti-Telecom Network Fraud Law, as reported by IT Home.

In April 2026, the Cyberspace Administration of China (CAC), Ministry of Industry and Information Technology (MIIT), and Ministry of Public Security jointly announced a special campaign targeting the illegal collection and use of personal data by apps and SDKs across various industry sectors, as documented on the CAC’s official website.

The impersonation attack exploits the rapid digitization of government services in China. As citizens increasingly rely on mobile platforms for government transactions, the attack surface for malicious actors expands correspondingly. The use of a domain name mimicking the police emergency number represents a sophisticated social engineering tactic that could easily deceive unsuspecting users.

Official Safety Recommendations

The National Cybersecurity Reporting Center issued four key safety recommendations for the public:

Use official channels only. Download apps exclusively through the Ministry of Public Security’s “Internet + Government Services” platform, official mobile app stores, and other authorized distribution channels. Avoid links from text messages, WeChat group forwards, unofficial QR codes, or obscure cloud storage services.

Verify app authenticity. Before downloading, check the app name, icon, and developer information. The legitimate “公安一网通办” app is developed by the Ministry of Public Security Information and Communications Center. Apps with similar names, rough icons, or unclear developer information should be rejected.

Limit permissions. When installing apps, grant only the minimum permissions necessary for the app’s function. Avoid entering sensitive information — including ID numbers, bank card details, payment passwords, and SMS verification codes — in apps from unknown sources.

Respond to incidents promptly. If a fake government app has been installed, uninstall it immediately and run a security scan. If information has been leaked or funds compromised, change account passwords, freeze payment channels, and report to the police without delay.

Implications and Outlook

This incident highlights the growing threat of “brandjacking” and government impersonation in the mobile app ecosystem. The coordinated multi-platform response — with warnings disseminated through CCTV, China News Service, Sina Tech, National Business Daily, and Phoenix Tech — demonstrates China’s centralized approach to public cybersecurity alerts.

Several questions remain unanswered: The perpetrators behind the malicious app have not been identified, no infection statistics have been released, and it is unclear whether the domain 110GongAn.com has been taken down. Authorities have not indicated whether related variants of the app may be circulating.

As China continues to expand its digital government services, the balance between convenience and security will remain a critical challenge. For now, the message from authorities is clear: verify before you trust, and when in doubt, stick to official channels.