Chinese Officers Found Tracking Cell Phones with Android Spyware

Since at least 2017, a surveillance tool called EagleMsgSpy has been collecting the most private information from targeted Android smartphones. The program was created by a Chinese software business and is authorized for use by the nation's public security bureaus. Lookout researchers caution that the EagleMsgSpy spyware has been continuously evolving, and although they have only found evidence of an Android version thus far, an examination of the tool's infrastructure suggests that there may also be an Apple iOS version out there.

The Lookout team discovered that, in contrast to other commercial spyware programs, EagleMsgSpy requires physical access to the targeted device to be activated. After finding no indication of the spyware in Google Play or any other app marketplaces, the researchers concluded that Chinese law enforcement officials are the only ones initiating the surveillance software infection.

"An installer component, which would presumably be operated by law enforcement officers who gained access to the unlocked device, is responsible for delivering a headless surveillance module that remains on the device and collects extensive sensitive data," the research from Lookout stated.

According to Lookout, EagleMsgSpy collects everything it can after installation, including contacts, screen and audio recordings, chat and text messages, call records, location information, and network activities. There is more proof that the spyware's creator has several customers. "Lookout researchers have observed an evolution in the sophistication of the use of obfuscation and storage of encrypted keys over time," the study stated. "This indicates that this surveillanceware is an actively maintained product whose creators make continuous efforts to protect it from discovery and analysis."