{"id":646542,"date":"2024-12-11T17:45:15","date_gmt":"2024-12-11T14:45:15","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/researchers-uncover-chinese-spyware-used-to-target-android-devices\/"},"modified":"2024-12-11T17:45:15","modified_gmt":"2024-12-11T14:45:15","slug":"researchers-uncover-chinese-spyware-used-to-target-android-devices","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/researchers-uncover-chinese-spyware-used-to-target-android-devices\/","title":{"rendered":"Researchers uncover Chinese spyware used to target Android devices"},"content":{"rendered":"<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">Security researchers have uncovered a new surveillance tool that they say has been used by Chinese law enforcement to collect sensitive information from Android devices in China.<\/p>\n<p class=\"wp-block-paragraph\">The tool, named \u201cEagleMsgSpy,\u201d was discovered by researchers at U.S. cybersecurity firm Lookout. The company said at the Black Hat Europe conference on Wednesday that it had acquired several variants of the spyware, which it says has been operational since \u201cat least 2017.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Kristina Balaam, a senior intelligence researcher at Lookout, told TechCrunch the spyware has been used by \u201cmany\u201d public security bureaus in mainland China to collect \u201cextensive\u201d information from mobile devices. This includes call logs, contacts, GPS coordinates, bookmarks, and messages from third-party apps including Telegram and WhatsApp. 
EagleMsgSpy is also capable of initiating screen recordings on smartphones, and can capture audio recordings of the device while in use, according to research Lookout shared with TechCrunch.<\/p>\n<p class=\"wp-block-paragraph\">A manual obtained by Lookout describes the app as a \u201ccomprehensive mobile phone judicial monitoring product\u201d that can obtain \u201creal-time mobile phone information of suspects through network control without the suspect\u2019s knowledge, monitor all mobile phone activities of criminals and summarize them.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Balaam said that thanks to infrastructure overlap, she assesses with \u201chigh confidence\u201d that EagleMsgSpy has been developed by a private Chinese technology company called Wuhan Chinasoft Token Information Technology. The tool\u2019s infrastructure also reveals the developer\u2019s links to public security bureaus \u2014 government offices that essentially act as local police stations \u2014 in mainland China, she said.<\/p>\n<p class=\"wp-block-paragraph\">It\u2019s not yet known how many individuals have been targeted by EagleMsgSpy, or who they are. Balaam said the tool is likely being used predominantly for domestic surveillance, but notes that \u201canybody traveling to the region could be at risk.\u201d<\/p>\n<p class=\"wp-block-paragraph\">\u201cI think if it was just about domestic surveillance, they would stand up their infrastructure in some place that we couldn\u2019t access from North America,\u201d Balaam said. 
\u201cI think it gives us a bit of insight into the fact that they\u2019re hoping to be able to track people if they leave, whether they are Chinese citizens, or not.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Lookout said it also observed two IP addresses tied to EagleMsgSpy that have been used by other China-linked surveillance tools, such as <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.lookout.com\/documents\/threat-reports\/us\/lookout-uyghur-malware-tr-us.pdf\">CarbonSteal<\/a>, which has been used in previous campaigns to target the Tibetan and Uyghur communities.<\/p>\n<p class=\"wp-block-paragraph\">Lookout notes that EagleMsgSpy currently requires physical access to a target device. However, Balaam told TechCrunch that the tool is still being developed as recently as late 2024, and said \u201cit\u2019s entirely possible\u201d that EagleMsgSpy could be modified to not require physical access.<\/p>\n<p class=\"wp-block-paragraph\">Lookout noted that internal documents it obtained allude to the existence of an as-yet-undiscovered iOS version of the spyware.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2024\/12\/11\/researchers-uncover-chinese-spyware-used-to-target-android-devices\/\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researchers have uncovered a new surveillance tool that they say has been used by Chinese law enforcement to collect sensitive information from Android devices in China. The tool, named \u201cEagleMsgSpy,\u201d was discovered by researchers at U.S. cybersecurity firm Lookout. 
The company said at the Black Hat Europe conference on Wednesday that it had acquired&#8230;<\/p>\n","protected":false},"author":1,"featured_media":646543,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/08\/GettyImages-1331046491.jpg?resize=1200,800","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[75857,39382,4973,70375,72287,151937,81180],"class_list":["post-646542","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-malware","tag-android","tag-china","tag-cybersecurity","tag-security","tag-spyware","tag-surveillance"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/646542","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=646542"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/646542\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/646543"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=646542"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=646542"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=646542"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}