Chinese Surveillance Tool 'EagleMsgSpy' Targets Android Devices, Steals Sensitive Data

Riley King

December 11, 2024 · 3 min read

A newly discovered surveillance tool, dubbed "EagleMsgSpy," has been used by Chinese law enforcement to collect sensitive information from Android devices in China, according to security researchers at U.S. cybersecurity firm Lookout. The tool, which has been operational since at least 2017, is capable of stealing extensive data from mobile devices, including call logs, contacts, GPS coordinates, bookmarks, and messages from third-party apps like Telegram and WhatsApp.

The researchers, who presented their findings at the Black Hat Europe conference on Wednesday, acquired several variants of the spyware and analyzed its capabilities. According to Kristina Balaam, a senior intelligence researcher at Lookout, EagleMsgSpy has been used by "many" public security bureaus in mainland China to monitor mobile devices. The tool can also initiate screen recordings on smartphones and capture audio recordings of the device while in use.

A manual obtained by Lookout describes the app as a "comprehensive mobile phone judicial monitoring product" that can obtain "real-time mobile phone information of suspects through network control without the suspect's knowledge, monitor all mobile phone activities of criminals and summarize them." This suggests that the tool is designed for widespread surveillance, potentially targeting individuals traveling to China.

Balaam assessed with "high confidence" that EagleMsgSpy was developed by a private Chinese technology company called Wuhan Chinasoft Token Information Technology, citing infrastructure overlap and links to public security bureaus in mainland China. The tool's infrastructure also reveals connections to other China-linked surveillance tools, such as CarbonSteal, which has been used in previous campaigns to target the Tibetan and Uyghur communities.

While it's unclear how many individuals have been targeted by EagleMsgSpy, Balaam notes that the tool is likely being used predominantly for domestic surveillance. However, she warns that "anybody traveling to the region could be at risk" of being monitored. The fact that the infrastructure is accessible from North America suggests that the developers may be planning to track individuals beyond China's borders.

Currently, EagleMsgSpy requires physical access to a target device. However, Balaam believes that it's "entirely possible" that the tool could be modified to not require physical access, making it an even more potent surveillance tool. Lookout also notes that internal documents allude to the existence of an as-yet-undiscovered iOS version of the spyware.

The discovery of EagleMsgSpy raises concerns about the widespread use of surveillance tools by governments and private companies. As the global surveillance landscape continues to evolve, it's essential for individuals to remain vigilant about their digital privacy and security. The uncovering of EagleMsgSpy serves as a reminder of the importance of protecting our personal data and holding those who abuse their power accountable.

The full implications of EagleMsgSpy are still unfolding, but one thing is clear: the need for transparency and accountability in the development and use of surveillance tools has never been more pressing. As the tech community continues to grapple with the ethical implications of these tools, it's essential that we prioritize the protection of individual privacy and security.

Copyright © 2024 Starfolk. All rights reserved.