NEWS BRIEF
A surveillance tool named EagleMsgSpy, developed by a Chinese software company for legal use by the country's public security bureaus, has been scraping the most sensitive data from targeted Android devices since at least 2017.
Researchers at Lookout warn that the EagleMsgSpy spyware has been under constant development, and while at the moment they have only seen evidence of an Android version, analysis of the tool's infrastructure indicates a potential Apple iOS version is out there somewhere as well.
Unlike other commercial spyware products, EagleMsgSpy requires physical access to the targeted device for deployment, the Lookout team found. The researchers reported they found no evidence of the spyware in Google Play or any other app stores, leading them to conclude Chinese law enforcement officials are the only ones initiating the surveillance software infection.
"An installer component, which would presumably be operated by law enforcement officers who gained access to the unlocked device, is responsible for delivering a headless surveillance module that remains on the device and collects extensive sensitive data," the Lookout report read.
Once installed, EagleMsgSpy gathers everything it can, including chat and text messages, screen and audio recordings, call logs, contacts, location data, and network activity, Lookout said. Additional evidence shows the vendor behind the spyware has multiple clients.
"Lookout researchers have observed an evolution in the sophistication of the use of obfuscation and storage of encrypted keys over time," the report warned. "This indicates that this surveillanceware is an actively maintained product whose creators make continuous efforts to protect it from discovery and analysis."