China's EagleMsgSpy: Sophisticated Android Surveillance Tool Exposed

Cybersecurity firm Lookout has discovered a sophisticated surveillance tool called "EagleMsgSpy" that Chinese law enforcement agencies have been using to collect sensitive data from Android devices since 2017.

According to findings presented at the Black Hat Europe conference, the spyware can capture extensive information including call logs, contacts, GPS coordinates, bookmarks, and messages from apps like Telegram and WhatsApp. The tool can also record device screens and capture audio while the device is in use.

Internal documents describe EagleMsgSpy as a "comprehensive mobile phone judicial monitoring product" designed to covertly gather real-time information from suspects' devices. The research links the spyware's development to Wuhan Chinasoft Token Information Technology, a private Chinese tech company.

While the spyware currently requires physical access to install, researchers warn it's still under active development. "The tool is likely focused on domestic surveillance, but anyone traveling to the region could potentially be at risk," said Kristina Balaam, senior intelligence researcher at Lookout.

The investigation revealed infrastructure overlaps between EagleMsgSpy and other China-linked surveillance tools like CarbonSteal, previously used to target Tibetan and Uyghur communities. Researchers also found evidence suggesting an iOS version may exist but remains undiscovered.

The spyware's infrastructure indicates it could be used to track targets even after they leave China. "The setup suggests they want to maintain surveillance capabilities beyond their borders," Balaam noted.

This discovery provides new insights into the expanding digital surveillance apparatus within China and raises concerns about privacy risks for both Chinese citizens and international travelers carrying mobile devices into the region.