- Surveillance tools are being used by Chinese law enforcement
- Messages, call logs, and audio recordings were taken
- Spyware and surveillance software is being increasingly widely used
A new surveillance tool is being used by Chinese law enforcement to collect ‘extensive’ information from mobile devices since 2017.
A new report by Lookout notes EagleMsgSpy is a lawful interception tool developed by a Chinese software firm. Targeting Android devices, the spyware requires physical installation, most likely through law enforcement officers who gain access and unlock the device. From there, a headless surveillance module remains on the device and collects and exfiltrates large volumes of sensitive data.
By analyzing the installer app, cybersecurity researchers believe that the surveillance tool is used by multiple customers of the software supplier. This is because the user is required to input a ‘channel’ which corresponds to an account.
Extensive surveillance
Researchers found indications that the spyware is actively maintained by developers who are continuously protecting the software from discovery and analysis, with an evolution in the ‘sophistication of the use of obfuscation and storage of encrypted keys over time’.
As part of the surveillance, the software collects hordes of information on the victim, including all messages from sites such as Telegram and WhatsApp, call logs, SMS messages, GPS coordinates, audio recordings, and screenshots of the device in use.
This isn’t the first time in recent months that Chinese state actors have been found to be using spyware. Earlier this year, US telecommunications companies Verizon and AT&T were breached.
The breach used the existing infrastructure for ‘lawful interception’ by American law enforcement, which of course was then opportunistically exploited by threat actors. National security concerns in the US (and presumably in China) means that spyware and backdoors for law enforcement are developed at an alarming rate.
Critics of these software point out that the existence of spyware and surveillance tools, even if they are only used by officially sanctioned actors, means there is a risk that the tools will be exploited by threat actors.
