Security experts at Lookout have found a sophisticated spyware named EagleMsgSpy. This mobile spyware system helps Chinese police agencies collect data from phones. The Android spy program has been active since 2017. Researchers spotted recent malware samples as late as September 2024.
The tool has two main parts: an APK to install it and a hidden spy client that runs on infected phones. The spyware intercepts messages from many chat apps like QQ, Telegram, Viber, WhatsApp, and WeChat. It also records screens, takes screenshots, records audio, gets call logs, steals contact lists, tracks location, and watches network activity.
Lookout attributed the surveillance program to a Chinese company called Wuhan Chinasoft Token Information Technology Co., Ltd. They sell it as a “full phone monitoring product for law enforcement” to get real-time info about suspects without them knowing.
It’s worth mentioning that EagleMsgSpy needs physical access to a device to install it initially. You can set it up using QR codes, USB connections, or by interacting with the device. The tool has a clever design that allows it to compress data and send it to a command-and-control (C2) server using WebSocket communication with the STOMP protocol.
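The C2 channel described above (STOMP frames carried over WebSocket, with compressed payloads) is something a defender can look for in captured mobile traffic. The following is an added example, not code from Lookout or from the spyware itself: a small STOMP 1.2 frame parser run over a few constructed sample frames, flagging any frame whose body begins with a gzip header. The sample frames, the destination names and the gzip-body heuristic are assumptions made for illustration; real EagleMsgSpy frame contents are not given on this page.

```python
"""Parse STOMP 1.2 frames (as carried inside WebSocket messages) and flag
frames that carry a compressed body.

All sample frames below are CONSTRUCTED for illustration; they are not
captured EagleMsgSpy traffic.  The assumption that a gzip-compressed SEND
body is worth flagging is a heuristic, not a documented indicator.
"""
import gzip
import json
from typing import Dict, List, Tuple

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip stream


def parse_stomp_frame(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Split one STOMP frame into (command, headers, body).

    Frame layout per the STOMP 1.2 spec:
        COMMAND\\n
        header:value\\n ...
        \\n            <- blank line ends the header block
        body          <- may be binary when content-length is set
        \\x00          <- NUL terminator
    The header block comes first, so the first "\\n\\n" is the separator
    even if the binary body happens to contain that sequence too.
    """
    if not raw.endswith(b"\x00"):
        raise ValueError("frame missing NUL terminator")
    head, sep, body = raw[:-1].partition(b"\n\n")
    if not sep:
        raise ValueError("frame missing header/body separator")
    lines = head.split(b"\n")
    command = lines[0].decode("utf-8")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        key, _, value = line.partition(b":")
        # Spec: if a header is repeated, only the first occurrence is used.
        headers.setdefault(key.decode("utf-8"), value.decode("utf-8"))
    if "content-length" in headers:
        body = body[: int(headers["content-length"])]
    return command, headers, body


def build_send_frame(destination: str, payload: bytes) -> bytes:
    """Build a SEND frame with an explicit content-length (constructed sample)."""
    return (
        b"SEND\ndestination:" + destination.encode()
        + b"\ncontent-length:" + str(len(payload)).encode()
        + b"\n\n" + payload + b"\x00"
    )


def inspect_frames(frames: List[bytes]) -> List[dict]:
    """Return one finding per frame, marking gzip-compressed bodies."""
    findings = []
    for raw in frames:
        command, headers, body = parse_stomp_frame(raw)
        is_gzip = body.startswith(GZIP_MAGIC)
        entry = {
            "command": command,
            "destination": headers.get("destination"),
            "body_len": len(body),
            "gzip_body": is_gzip,
        }
        if is_gzip:
            # Decompress only to preview; a real pipeline would cap the size.
            entry["decompressed"] = gzip.decompress(body)
        findings.append(entry)
    return findings


# --- constructed sample traffic (assumed names, not real indicators) ---------
SAMPLE_PAYLOAD = json.dumps({"type": "example-record", "count": 3}).encode()
SAMPLE_FRAMES = [
    b"CONNECT\naccept-version:1.2\nhost:c2.example.invalid\n\n\x00",
    build_send_frame("/app/upload", gzip.compress(SAMPLE_PAYLOAD, mtime=0)),
    build_send_frame("/app/heartbeat", b'{"alive":true}'),
]


def count_compressed(frames: List[bytes]) -> int:
    """Number of frames in the batch whose body is gzip-compressed."""
    return sum(1 for f in inspect_frames(frames) if f["gzip_body"])


if __name__ == "__main__":
    for finding in inspect_frames(SAMPLE_FRAMES):
        print(finding)
```

The parser keeps the first value of a repeated header (as the spec requires) and honours content-length so a binary body containing a NUL byte is not truncated early; both are details that a naive split on the terminator would get wrong.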
The newer versions of the spyware have gotten better at hiding themselves. They use the open-source ApkToolPlus app protection tool to obfuscate their code. The tool also has an admin panel built with AngularJS that gives authenticated access to what are likely law enforcement customers.
The researchers also found some interesting links to possible iOS development. The panel’s source code had references to functions specific to iOS.
The company that made the spyware has filed several patent applications. These patents describe ways to collect and analyze suspect data, including mapping relationships between people.
What’s concerning is that Lookout found IP addresses linked to the spyware. These same addresses have been connected to other surveillance tools based in China that target minority groups like Tibetans and Uyghurs.
The investigation points to EagleMsgSpy being a high-tech, state-sponsored surveillance tool. It might be used by multiple public security bureaus across China. This raises big questions about privacy and human rights.