- Chinese law enforcement uses surveillance tools
- Messages, call logs and audio recordings were taken.
- Spyware and surveillance software are increasingly used
Chinese law enforcement has been using a surveillance tool to collect "extensive" information from mobile devices since 2017.
A new report from Lookout identifies EagleMsgSpy as a lawful-intercept tool developed by a Chinese software company. The spyware targets Android devices and requires physical installation, most likely by law enforcement officials who gain possession of the device and unlock it. Once installed, a headless surveillance module (one with no visible user interface) remains on the device, collecting and exfiltrating large volumes of sensitive data.
From analysis of the installer application, the researchers believe the surveillance tool is used by several of the vendor's clients: the installer requires the operator to enter a "channel" that corresponds to a customer account.
Extensive surveillance
The researchers found indications that the spyware is actively maintained by developers who keep hardening it against discovery and analysis, with an evolution in the "sophistication of the use of obfuscation and the storage of encrypted keys over time".
The software collects large amounts of information about the victim, including messages from apps such as Telegram and WhatsApp, call logs, SMS messages, GPS coordinates, audio recordings, and screenshots of the device while it is in use.
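A practitioner triaging a seized or suspect Android device would want a quick way to surface packages that match the profile described above: installed outside an app store, with no launcher activity (headless), and holding the permissions needed to read messages, call logs, location and audio. The script below is an added example, not code from Lookout's report or from the page; it parses the real output format of `adb shell pm list packages -3 -i` and scores a constructed inventory. The package names, permission sets and launcher flags in the sample are invented for illustration, and the assumption that the operator has already gathered each package's requested permissions (from `adb shell dumpsys package <pkg>`) and launcher status (from `adb shell cmd package resolve-activity`) is mine.

```python
"""Triage heuristic for headless, permission-heavy, sideloaded Android packages.

Added example: scores third-party packages against the data-collection profile
the article describes. Sample data below is constructed, not from a real device.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Real Android permission constants, weighted by how closely they map to the
# reported collection (messages, call logs, GPS, audio, screen content).
SURVEILLANCE_PERMS: Dict[str, int] = {
    "android.permission.RECORD_AUDIO": 2,
    "android.permission.READ_SMS": 2,
    "android.permission.READ_CALL_LOG": 2,
    "android.permission.ACCESS_FINE_LOCATION": 1,
    "android.permission.BIND_ACCESSIBILITY_SERVICE": 3,   # reads other apps' UI
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": 2,
    "android.permission.RECEIVE_BOOT_COMPLETED": 1,       # persistence after reboot
}
STORE_INSTALLERS = {"com.android.vending"}  # Google Play; others treated as sideloaded

HEADLESS_BONUS = 3   # no MAIN/LAUNCHER activity: nothing for the victim to notice
SIDELOAD_BONUS = 2   # installed by hand, consistent with physical-access install


@dataclass
class Pkg:
    name: str
    installer: Optional[str]      # None when 'installer=null' in pm output
    perms: Set[str]               # requested permissions (assumed from dumpsys package)
    has_launcher: bool            # assumed from 'cmd package resolve-activity'


def parse_pm_list(output: str) -> Dict[str, Optional[str]]:
    """Parse lines of `pm list packages -i` ('package:<name>  installer=<src>')."""
    result: Dict[str, Optional[str]] = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line.split()
        name = fields[0][len("package:"):]
        installer: Optional[str] = None
        for f in fields[1:]:
            if f.startswith("installer="):
                val = f[len("installer="):]
                installer = None if val == "null" else val
        result[name] = installer
    return result


def risk_score(p: Pkg) -> int:
    score = sum(w for perm, w in SURVEILLANCE_PERMS.items() if perm in p.perms)
    if not p.has_launcher:
        score += HEADLESS_BONUS
    if p.installer not in STORE_INSTALLERS:
        score += SIDELOAD_BONUS
    return score


def triage(pkgs: List[Pkg], threshold: int = 8) -> List[Tuple[int, str]]:
    """Return (score, package) pairs at or above threshold, highest first."""
    hits = [(risk_score(p), p.name) for p in pkgs if risk_score(p) >= threshold]
    return sorted(hits, reverse=True)


# Constructed sample: what `adb shell pm list packages -3 -i` might print.
SAMPLE_PM_OUTPUT = """\
package:com.example.messenger  installer=com.android.vending
package:com.sys.update  installer=null
package:com.example.flashlight  installer=null
"""

# Constructed per-package details (in practice gathered via dumpsys / resolve-activity).
SAMPLE_DETAILS = {
    "com.example.messenger": ({"android.permission.RECORD_AUDIO",
                               "android.permission.READ_SMS",
                               "android.permission.ACCESS_FINE_LOCATION"}, True),
    "com.sys.update": ({"android.permission.RECORD_AUDIO",
                        "android.permission.READ_SMS",
                        "android.permission.READ_CALL_LOG",
                        "android.permission.ACCESS_FINE_LOCATION",
                        "android.permission.BIND_ACCESSIBILITY_SERVICE",
                        "android.permission.RECEIVE_BOOT_COMPLETED"}, False),
    "com.example.flashlight": (set(), True),
}


def build_inventory() -> List[Pkg]:
    installers = parse_pm_list(SAMPLE_PM_OUTPUT)
    return [Pkg(name, inst, *SAMPLE_DETAILS[name]) for name, inst in installers.items()]


if __name__ == "__main__":
    for score, name in triage(build_inventory()):
        print(f"{score:3d}  {name}")
```

The score is a triage aid, not an identification: a legitimate enterprise MDM agent can also be sideloaded and headless, so anything flagged still needs manual review of the APK. The threshold and weights are deliberately conservative so that a normal messaging app with microphone and SMS access does not trip it on its own.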
This is not the first time in recent months that Chinese state-linked actors have been found using surveillance capabilities against telecommunications. Earlier this year, US carriers Verizon and AT&T were breached.
That breach abused the carriers' existing "lawful interception" infrastructure, built for US law enforcement, which was then opportunistically exploited by threat actors. National security concerns in the United States (and presumably China) mean that spyware and law enforcement backdoors are being developed at an alarming rate.
Critics point out that the mere existence of spyware and lawful-intercept tooling, even when used only by officially authorized actors, creates a risk that the same capabilities will be exploited by threat actors.