Chinese Spyware Targets Android Devices in New Cyber Threat Discovery

Android Devices Under Scrutiny

Security researchers have discovered a new surveillance tool that has been used by Chinese law enforcement to collect sensitive information from Android devices in China. The tool, named ‘EagleMsgSpy,’ was uncovered by researchers at U.S. cybersecurity firm Lookout.

Table of Contents

Background Information on EagleMsgSpy

The spyware, which has been operational since ‘at least 2017,’ is capable of collecting extensive information from mobile devices, including call logs, contacts, GPS coordinates, bookmarks, and messages from third-party apps, such as Telegram and WhatsApp. EagleMsgSpy can also initiate screen recordings on smartphones and capture audio recordings of the device while in use.

A Comprehensive Mobile Phone Judicial Monitoring Product

A manual obtained by Lookout describes the app as a ‘comprehensive mobile phone judicial monitoring product’ that can obtain ‘real-time mobile phone information of suspects through network control without the suspect’s knowledge, monitor all mobile phone activities of criminals and summarize them.’

Link to Public Security Bureaus and Government Offices

Kristina Balaam, a senior intelligence researcher at Lookout, stated that she assesses with ‘high confidence’ that EagleMsgSpy has been developed by a private Chinese technology company called Wuhan Chinasoft Token Information Technology. The tool’s infrastructure also reveals the developer’s links to public security bureaus — government offices that essentially act as local police stations — in mainland China.

Possible Targets and Risks

It’s not yet known how many individuals or who have been targeted by EagleMsgSpy. Balaam said the tool is likely being used predominantly for domestic surveillance, but notes that ‘anybody traveling to the region could be at risk.’ The tool requires physical access to a target device, but it’s possible that it could be modified to not require physical access in the future.

Infrastructure Overlap and Links to Other Surveillance Tools

Lookout noted that internal documents it obtained allude to the existence of an as-yet-undiscovered iOS version of the spyware. The company also observed two IP addresses tied to EagleMsgSpy that have been used by other China-linked surveillance tools, such as CarbonSteal, which has been used in previous campaigns to target the Tibetan and Uyghur communities.

Possible Implications and Future Developments

Balaam stated that she thinks if the tool was just about domestic surveillance, they would stand up their infrastructure in some place that we couldn’t access from North America. She believes this gives us a bit of insight into the fact that they’re hoping to be able to track people if they leave, whether they are Chinese citizens or not.

Conclusion

The discovery of EagleMsgSpy highlights the ongoing concerns about surveillance and data collection in China. As technology continues to evolve, it’s essential for researchers and policymakers to stay vigilant and address these issues proactively.

Recommendations

Conduct thorough investigations into the use of EagleMsgSpy and its potential implications.
Enhance security measures on Android devices to prevent unauthorized access and data collection.
Develop more effective ways to protect users’ personal data and maintain their trust in technology.

Timeline of Events

2017: The spyware, EagleMsgSpy, is first discovered by researchers at Lookout.
[Current Year]: Researchers from Lookout share their findings on the tool’s capabilities and potential links to public security bureaus and government offices.