EagleMsgSpy Android Spyware Linked to Chinese Authorities

Researchers at Lookout have uncovered a previously unknown Android spyware, dubbed EagleMsgSpy, reportedly used by Chinese law enforcement to monitor mobile devices. Developed by Wuhan Chinasoft Token Information Technology Co., Ltd., the spyware has been active since at least 2017 and may also have an iOS version, though no sample has been analyzed yet.

The malware is believed to be installed manually by someone with physical access to an unlocked device, such as during an arrest. It is not available on app stores, suggesting it is used by a limited group of operators. EagleMsgSpy collects extensive user data, including chat messages, call logs, location, screenshots, and browser bookmarks, storing it temporarily before encrypting it and sending it to command-and-control servers.

Evidence linking the spyware to its creators includes shared IP addresses, encryption references, and internal documentation. Public security bureaus in cities like Yantai, Dengfeng, and Guiyang are tied to its command infrastructure, supporting claims of government use. Researchers note the spyware’s administrator panel, titled "Stability Maintenance Judgment System," enables real-time surveillance and indicates systematic deployment by state agencies.
