Security researchers have identified a sophisticated Android surveillance tool, known as EagleMsgSpy, that has been used by Chinese police departments since at least 2017. The spyware, developed by Wuhan Chinasoft Token Information Technology Co., Ltd., represents a significant advancement in mobile surveillance capabilities amid growing concerns about digital privacy and state monitoring.
The surveillance program collects a wide range of information, including third-party chat messages, screenshots, screen recordings, audio recordings, call logs, device contacts, SMS messages, location data, and network activity. It specifically targets messages from popular messaging applications used in China, including QQ, Viber, WhatsApp, WeChat, and Telegram. The comprehensive data collection approach raises particular concerns given recent warnings from security agencies about vulnerabilities in mobile messaging systems.
Installation of EagleMsgSpy requires physical access to the target device and can be accomplished either through USB connection or QR code scanning. The software is not distributed through official app stores like Google Play, making it more difficult to detect and track its deployment.
The administrative control panel provides capabilities for real-time data collection, including the ability to trigger photo capture, take screenshots, block specific phone numbers from making or receiving calls and messages, and initiate audio recording from the device. These features enable comprehensive surveillance of target individuals without their knowledge or consent.
Lookout researchers discovered internal documents in open directories on attacker-controlled infrastructure suggesting the possible existence of an iOS version, though no such component has been identified in active use. Code analysis revealed infrastructure connections to multiple provincial public security bureaus in China, indicating widespread adoption by law enforcement agencies.
“EagleMsgSpy’s distinguishing characteristic is its comprehensive data collection capabilities, particularly its ability to gather encrypted messages from various messaging applications, along with its apparent widespread use by public security bureaus,” said Kristina Balaam, senior staff threat intelligence researcher at Lookout.
The developing company, also known as Wuhan Zhongruan Tongzheng Information Technology Co., Ltd., has filed patent applications describing methods for collecting and analyzing client data, including call records, messages, and address books, as well as generating relationship diagrams between subjects of interest. The patent filings provide additional evidence of the company’s long-term commitment to developing surveillance technologies.
Sources: The Hacker News, Recorded Future News