Researchers Uncover Chinese Spyware Used To Target Android Devices (techcrunch.com) 32
Security researchers have uncovered a new surveillance tool that they say has been used by Chinese law enforcement to collect sensitive information from Android devices in China. From a report: The tool, named "EagleMsgSpy," was discovered by researchers at U.S. cybersecurity firm Lookout. The company said at the Black Hat Europe conference on Wednesday that it had acquired several variants of the spyware, which it says has been operational since "at least 2017."
Kristina Balaam, a senior intelligence researcher at Lookout, told TechCrunch the spyware has been used by "many" public security bureaus in mainland China to collect "extensive" information from mobile devices. This includes call logs, contacts, GPS coordinates, bookmarks, and messages from third-party apps including Telegram and WhatsApp. EagleMsgSpy is also capable of initiating screen recordings on smartphones, and can capture audio recordings of the device while in use, according to research Lookout shared with TechCrunch.
A manual obtained by Lookout describes the app as a "comprehensive mobile phone judicial monitoring product" that can obtain "real-time mobile phone information of suspects through network control without the suspect's knowledge, monitor all mobile phone activities of criminals and summarize them."
China scary (Score:4, Interesting)
I mean, yes, authoritarian regime that goes full Orwell on some people the CCP finds irritating, but in terms of technology this isn't anything you won't find deployed in the West by governments, companies, criminals, and individuals.
What I'd like to hear about is a reliable detection / cleaner tool for my Chinese Android phone that finds both Eastern and Western surveillance apps.
Re: (Score:2, Informative)
Re: China scary (Score:2)
Lots of people, including people here on slashdot, don't believe the lessons of Snowden or the other contemporary whistle blowers like Manning or Winner.
They don't even know about QWest refusal of NSA surveillance requests despite it being described on WP because they think encyclopedias are woke.
You cannot reach these people because their world views depend on their willful ignorance.
Re: (Score:1)
But it isn't "the exact same thing". The NSA put[s] monitoring/recording devices at the exit/entry points of many of the world's networks, where this story is about spyware on Android cellphones.
Re: (Score:2)
What kind of neural deficit makes it possible to interpret "China's CCP is Orwellian" as a statement made by a shill?
How can you be so fucking stupid as to not see the part where I was explicitly comparing the technology? That's not whataboutism, that's a valid point.
Just go away. You're not even half as clever as you imagine.
Re: (Score:1)
Found the CCP shill. First response? Whataboutism.
Contrary to the lies put out, this is not a common thing in the US. Period. You don't find the FBI sticking devices on any and all people
Room 641A. https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: China scary (Score:2)
"Contrary to the lies put out, this is not a common thing in the US. Period."
What's it like still being in the nineties before we all knew about PRISM? Must be great.
Re: China scary (Score:2)
It's always amusing that the whataboutism posts (Score:2)
come out immediately when these Chinese/CCP stories come out - as though that excuses the shit they do in any way.
Re: (Score:2)
Re: (Score:2)
For example,
Me saying, "you shouldn't kill people" doesn't make me wrong, even if I have in fact killed someone.
Pointing out that I'm a hypocrite is a fallacious attempt at distracting from the fact that my point is correct.
Re: (Score:2)
What I really love are the brainiacs who think they're clever 'calling out shills' or 'pointing out whataboutism' when they're really just showing everyone they were incapable of understanding the post they'd replied to.
Those guys are the kind you're not supposed to point at and laugh. It's not their fault they're challenged, after all. You keep trying, little buddy. Eventually you'll get it right just from sheer luck if nothing else.
Re:China scary (Score:5, Informative)
Ah, the classic whataboutism move—whenever something unpleasant about a regime like China comes to light, the best strategy is to deflect by suggesting ‘the West does it too!’ It’s almost as if pointing out authoritarian surveillance practices automatically excuses them by the mere existence of similar tactics elsewhere. How convenient.
While I'm sure you're just concerned about the technological parity between Eastern and Western surveillance—after all, who doesn’t worry about which spy tools are lurking on their device—let's take a moment to appreciate that there is a world of difference between the surveillance practices of a totalitarian regime and those that (at least in theory) operate within the framework of democratic oversight.
In democracies like the United States, surveillance tools are subject to laws like the Foreign Intelligence Surveillance Act (FISA), which (for all its flaws) requires judicial approval for intelligence gathering, especially when it comes to spying on U.S. citizens. In fact, the U.S. has multiple layers of legal oversight to ensure that surveillance powers are not abused—though, granted, that oversight often gets muddied or circumvented, as we've seen with controversies over mass data collection. But still, it’s a far cry from China’s situation, where EagleMsgSpy operates without any public accountability or judicial review.
Meanwhile, in other democracies like Germany, the UK, or Canada, their intelligence agencies also have to work within the framework of human rights and rule of law, even when countering terrorism or other security threats. Do abuses happen? Of course. But to equate this to an authoritarian state that routinely bypasses basic freedoms for its citizens in the name of "national security" is not just misleading—it’s dangerous.
So, yes, surveillance exists in the West, but it's under a completely different set of norms and rules. The key difference here is the democratic oversight and legal safeguards in place, which, let’s be honest, are probably the last thing you’ll find in a country where dissent gets you thrown into a reeducation camp.
But hey, maybe you're just really invested in making sure your Chinese Android phone stays clean of both ‘Eastern’ and ‘Western’ spyware. Given the apparent concerns about all-encompassing surveillance, I'm sure you're also concerned about the lack of checks and balances on your data in the places where those ‘Western’ surveillance tools come from...funny how you’re worried about both ‘Eastern’ and ‘Western’ surveillance, yet somehow never mention that both systems are operating without the same level of democratic oversight and accountability, right? But, sure, keep pretending it’s all just about the technology.
Re: China scary (Score:1)
Re: (Score:2)
Don't speak too soon - we have no idea what abuses the next 4 years may bring.
Capture audio recording??? (Score:2)
EagleMsgSpy is also capable of initiating screen recordings on smartphones, and can capture audio recordings of the device while in use, according to research Lookout shared with TechCrunch.
Capture audio recording? Or, capture audio? Record captured audio maybe?
Re: (Score:1)
Re: (Score:3)
The Chinese probably stole it from them.
Time for an app tier lockdown mode with Android? (Score:2)
Overall, AOSP has a good security record. It uses SELinux, and has a solid permissions model. Maybe they could add fapolicyd as an AppLocker layer to ensure that app "A" can't read app "B"'s stuff, but overall, it is a solid model, even allowing for full root without any loss in security.
The problem is that so much stuff is done to short-circuit the model for telemetry or slurping ads, that it allows things like spyware to happen. Android has a lockdown mode, but that is different from iOS, as it blocks
Re: (Score:2)
Maybe they could add fapolicyd as an AppLocker layer to ensure that app "A" can't read app "B"'s stuff
Android has had that on internal app storage since forever. The basic permissions model gives every app and developer its own UID / GID on the kernel side of things, and unless you are the same developer that wrote app A, your app B cannot read app A's data as its kernel permissions aren't set to allow app B's UID / GID access.
As for external storage, Google already did that too. It caused havoc with various apps (media players, ebook readers, emulators, etc.) that now cannot read the SD card to load u
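An added illustration of the per-app UID / GID isolation described in the comment above (not part of the original thread, and not Android's own code): a simplified model of the kernel's owner/group/other read check on app data directories. The package names, UIDs and modes are constructed sample values, and the model deliberately ignores root, capabilities and SELinux.

```python
import stat

# Constructed sample: package -> (uid, gid, mode of its private data directory).
# App UIDs on Android start at 10000; the package names here are made up.
DATA_DIRS = {
    "com.example.bank":        (10123, 10123, 0o700),
    "com.example.bank.helper": (10123, 10123, 0o700),  # same developer, shared UID
    "com.example.player":      (10124, 10124, 0o700),
    "com.example.sloppy":      (10125, 10125, 0o755),  # world-readable by mistake
}


def dac_allows_read(caller_uid, caller_gids, owner_uid, owner_gid, mode):
    """Classic Unix read check: owner bits, then group bits, then other bits."""
    if caller_uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in caller_gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def can_read(caller_pkg, target_pkg, dirs=DATA_DIRS):
    """Would caller_pkg's process be allowed to read target_pkg's data directory?"""
    c_uid, c_gid, _ = dirs[caller_pkg]
    t_uid, t_gid, t_mode = dirs[target_pkg]
    return dac_allows_read(c_uid, {c_gid}, t_uid, t_gid, t_mode)


def exposed_dirs(dirs=DATA_DIRS):
    """Packages whose data directory grants any access to group or other."""
    loose = stat.S_IRWXG | stat.S_IRWXO
    return sorted(pkg for pkg, (_, _, mode) in dirs.items() if mode & loose)


if __name__ == "__main__":
    for caller, target in [
        ("com.example.player", "com.example.bank"),       # different UID, mode 0700
        ("com.example.bank.helper", "com.example.bank"),  # shared UID
        ("com.example.player", "com.example.sloppy"),     # other bits grant read
    ]:
        print(f"{caller} -> {target}: {can_read(caller, target)}")
    print("directories open beyond their owner:", exposed_dirs())
```
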
Re: (Score:2)
Re: (Score:2)
Overall, AOSP has a good security record.
lol.
I personally have 3 CVEs for AOSP. 2 within its userspace, one for one of its kernel functions.
I wouldn't call it good by any means. In my career as a whitehat, AOSP was my most successful target.
Ethical dev (Score:5, Funny)
"...monitor all mobile phone activities of criminals and summarize them."
Oh good, it was carefully written so that it can only monitor criminals.
The missing info (Score:4, Insightful)
These stories never ever explain how the malware gets on the devices.
If it was installed from the Play Store, what was the name of the app, and why was it allowed?
If it came from some other source, what was it?
Why did users install it? What did they think they were getting?
The function of the software is not the interesting part of this story.
Re: (Score:1)
There is no Play Store in China, and most if not all Google apps do not work there (lens, maps, gmail). There are many app stores, Baidu, Huawei, Tencent, Xiaomi are the most popular I think.