Topics
late
AI
Amazon
Image Credits:MirageC / Getty Images
Apps
Biotech & Health
Climate
Image Credits:MirageC / Getty Images
Cloud Computing
Commerce
Crypto
go-ahead
EVs
Fintech
fund raise
Gadgets
punt
Government & Policy
Hardware
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
distance
inauguration
TikTok
Transportation
Venture
More from TechCrunch
consequence
Startup Battlefield
StrictlyVC
newssheet
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
Security researchers have uncovered a new surveillance tool that they say has been used by Chinese police force enforcement to collect sensitive entropy from Android devices in China .
The tool , nominate “ EagleMsgSpy , ” was discovered by researcher at U.S. cybersecurity firm Lookout . The society said at the Black Hat Europe conference on Wednesday that it had develop several variation of the spyware , which it tell has been operational since “ at least 2017 . ”
Kristina Balaam , a elderly intelligence researcher at Lookout , told TechCrunch the spyware has been used by “ many ” public security bureau in mainland China to collect “ extensive ” information from mobile devices . This include call logs , contacts , GPS coordinates , bookmarks , and message from third - party apps include Telegram and WhatsApp . EagleMsgSpy is also capable of initiating cover transcription on smartphones , and can capture audio recordings of the gadget while in use , according to research Lookout shared with TechCrunch .
A manual get by Lookout describes the app as a “ comprehensive mobile earphone judicial monitoring ware ” that can obtain “ real - time roving earpiece info of defendant through meshing ascendence without the defendant ’s knowledge , monitor all mobile phone activeness of criminals and summarize them . ”
Balaam said that thanks to infrastructure overlap , she assesses with “ high confidence ” that EagleMsgSpy has been explicate by a private Taiwanese engineering company foretell Wuhan Chinasoft Token Information Technology . The prick ’s infrastructure also reveals the developer ’s connectedness to public security bureaus — government offices that essentially act as local police force station — in mainland China , she say .
It ’s not yet get laid how many individuals or who have been targeted by EagleMsgSpy . Balaam said the tool is likely being used predominantly for domestic surveillance , but take down that “ anybody travel to the region could be at risk . ”
“ I think if it was just about domesticated surveillance , they would stand up up their infrastructure in some place that we could n’t access from North America , ” Balaam state . “ I think it gives us a bit of brainstorm into the fact that they ’re hoping to be able to track hoi polloi if they will , whether they are Taiwanese citizen , or not . ”
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
Lookout said it also observed two IP addresses tied to EagleMsgSpy that have been used by other China - link surveillance tools , such asCarbonSteal , which has been used in previous campaigns to aim the Tibetan and Uyghur communities .
Lookout notes that EagleMsgSpy currently requires physical access to a butt gadget . However , Balaam severalize TechCrunch that the instrument is still being developed as recently as late 2024 , and said “ it ’s entirely potential ” that EagleMsgSpy could be modified to not require physical access .
Lookout noted that national documents it obtained allude to the existence of an as - yet - undiscovered iOS version of the spyware .
