Chinese police found using spyware to monitor Android devices

News
By published

New EagleMsgSpy software is being used to monitor smartphones

China
(Image credit: Shutterstock)
  • Surveillance tools are being used by Chinese law enforcement
  • Messages, call logs, and audio recordings were taken
  • Spyware and surveillance software is being increasingly widely used

A new surveillance tool is being used by Chinese law enforcement to collect ‘extensive’ information from mobile devices since 2017.

A new report by Lookout notes EagleMsgSpy is a lawful interception tool developed by a Chinese software firm. Targeting Android devices, the spyware requires physical installation, most likely through law enforcement officers who gain access and unlock the device. From there, a headless surveillance module remains on the device and collects and exfiltrates large volumes of sensitive data.

By analyzing the installer app, cybersecurity researchers believe that the surveillance tool is used by multiple customers of the software supplier. This is because the user is required to input a ‘channel’ which corresponds to an account.

Extensive surveillance

Researchers found indications that the spyware is actively maintained by developers who are continuously protecting the software from discovery and analysis, with an evolution in the ‘sophistication of the use of obfuscation and storage of encrypted keys over time’.

As part of the surveillance, the software collects hordes of information on the victim, including all messages from sites such as Telegram and WhatsApp, call logs, SMS messages, GPS coordinates, audio recordings, and screenshots of the device in use.

This isn’t the first time in recent months that Chinese state actors have been found to be using spyware. Earlier this year, US telecommunications companies Verizon and AT&T were breached.

The breach used the existing infrastructure for ‘lawful interception’ by American law enforcement, which of course was then opportunistically exploited by threat actors. National security concerns in the US (and presumably in China) means that spyware and backdoors for law enforcement are developed at an alarming rate.

Critics of these software point out that the existence of spyware and surveillance tools, even if they are only used by officially sanctioned actors, means there is a risk that the tools will be exploited by threat actors.

You might also like

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

Read more
Spyware
Government-linked Italian spyware maker caught distributing malicious Android apps
Kaspersky Report on Stalkerware
Security flaw in popular stalkerware apps is exposing phone data of millions
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
China-linked cyberespionage group PlushDaemon used South Korean VPN service to inject malware
Photograph of a hand holding a smartphone with two googly eyes
Every tap, every message – how to stop your smartphone spying on you
Latest in Security
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple H3C Magic routers hit by critical severity remote command injection, with no fix in sight
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
Latest in News
girl using laptop hoping for good luck with her fingers crossed
Windows 11 24H2 seems to be a massive fail – so Microsoft apparently working on 25H2 fills me with hope... and fear
ChatGPT Advanced Voice mode on a smartphone.
Talking to ChatGPT just got better, and you don’t need to pay to access the new functionality
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple H3C Magic routers hit by critical severity remote command injection, with no fix in sight
Apple Watch Ultra 2 timer
The Apple Watch is getting a sleep alarm upgrade it probably should have had 10 years ago
Nikon Z5
The Nikon Z5 II could land soon – here's what to expect from Nikon's rumored entry-level full-frame camera
Google Pixel Watch 3
Google Pixel Watches hit with delayed notifications, crashing, and performance issues following Wear OS 5.1 update
More about security
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol

Multiple H3C Magic routers hit by critical severity remote command injection, with no fix in sight
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
girl using laptop hoping for good luck with her fingers crossed

Windows 11 24H2 seems to be a massive fail – so Microsoft apparently working on 25H2 fills me with hope... and fear
See more latest
Most Popular
girl using laptop hoping for good luck with her fingers crossed
Windows 11 24H2 seems to be a massive fail – so Microsoft apparently working on 25H2 fills me with hope... and fear
ChatGPT Advanced Voice mode on a smartphone.
Talking to ChatGPT just got better, and you don’t need to pay to access the new functionality
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple H3C Magic routers hit by critical severity remote command injection, with no fix in sight
Teenager playing on a gaming PC with two monitors
Samsung's OLED monitors are about to get much cheaper - and it's about time
Apple Watch Ultra 2 timer
The Apple Watch is getting a sleep alarm upgrade it probably should have had 10 years ago
Nikon Z5
The Nikon Z5 II could land soon – here's what to expect from Nikon's rumored entry-level full-frame camera
Google Pixel Watch 3
Google Pixel Watches hit with delayed notifications, crashing, and performance issues following Wear OS 5.1 update
Frank Castle pinning Matt Murdock against a locker in Daredevil: Born Again episode 4
What time is Daredevil: Born Again episode 5 going to be released on Disney+?
AMD Ryzen 9950X
I analyzed 25 AMD Zen 4 and Zen 5 CPUs and the Ryzen 9 9900X is the best of them all right now: Here’s why
Ugreen \00d7 Genshin Impact Kinich Collectible Gift Box and exclusive Genshin Impact merchandise.
Ugreen reveals exclusive Genshin Impact collection and they're some of the most eye-catching charging products I've ever used