Security researchers at U.S.-based cybersecurity firm Lookout have uncovered EagleMsgSpy, a spyware tool allegedly used by Chinese public security bureaus. The tool has been operational since at least 2017 and targets Android devices.

Kristina Balaam, a senior intelligence researcher at Lookout, revealed that EagleMsgSpy collects sensitive user data. This includes call logs, contacts, GPS locations, bookmarks, and messages from apps like Telegram and WhatsApp. The spyware can also initiate screen and audio recordings on compromised devices.

Documents obtained by Lookout describe EagleMsgSpy as a "comprehensive judicial monitoring product." It enables law enforcement to access real-time mobile phone data without user knowledge. Balaam noted the tool allows monitoring of all mobile activities and summarizing them for analysis.

EagleMsgSpy is believed to be developed by Wuhan Chinasoft Token Information Technology. Infrastructure overlaps suggest strong ties between the developer and Chinese public security bureaus.

Balaam highlighted that the spyware is mainly used for domestic surveillance. However, she warned that foreign travelers to China could also be targeted. “They may hope to track individuals even after leaving the region,” she said.

Currently, EagleMsgSpy requires physical access to the target device. However, Lookout researchers warned that future versions could eliminate this requirement. The tool remains under active development, raising concerns about its growing capabilities.

The investigation also linked EagleMsgSpy to other surveillance tools like CarbonSteal. These tools have been used in campaigns against groups such as Tibetans and Uyghurs.

Lookout further hinted at the possible existence of an iOS version of the spyware, though it has not yet been uncovered.

TECHCRUNCH