Chinese Police Deploy Secret Android Spyware ‘EagleMsgSpy’ to Monitor Citizens

EagleMsgSpy: New Chinese Surveillance Spyware Targeting Android Devices

Security firm Lookout has uncovered a sophisticated Android spyware dubbed ‘EagleMsgSpy’, a comprehensive surveillance tool allegedly used by Chinese law enforcement agencies. The spyware, developed by Wuhan Chinasoft Token Information Technology Co., Ltd., has been active since 2017.

Capabilities and Implementation
The spyware’s extensive surveillance features include:
– Interception of messages from popular chat apps (QQ, Telegram, WhatsApp)
– Screen and audio recording capabilities
– Collection of call logs, contacts, and SMS messages
– GPS location tracking
– Browser data and storage file access

The malware is installed manually on unlocked devices to which the operator has physical access, typically during law enforcement operations. It employs advanced encryption and code obfuscation techniques, and collected data is encrypted and compressed before it is transmitted to command-and-control servers.

Administrative Control
The spyware operates through a “Stability Maintenance Judgment System” administration panel, enabling operators to:
– Initiate real-time surveillance
– Trigger audio recordings
– Monitor contact networks
– Track geographical distribution of communications

Evidence Trail
Multiple pieces of evidence link the spyware to Wuhan Chinasoft Token Information Technology:
– Shared infrastructure and domain usage
– Internal documentation references
– Geographic correlation with company location
– Connections to various Chinese public security bureaus

The investigation also suggests the existence of an iOS variant, though samples remain unconfirmed. The spyware’s distribution appears limited to specific law enforcement operations, with no presence on public app stores.
