• EagleMsgSpy is a lawful intercept surveillance tool developed by a Chinese software development company with use by public security bureaus in mainland China.
  • Early samples indicate the surveillance tool has been operational since at least 2017, with development continued into late 2024.
  • The surveillanceware consists of two parts: an installer APK, and a surveillance client that runs headlessly on the device when installed.
  • EagleMsgSpy collects extensive data from the user: third-party chat messages, screen recording and screenshot capture, audio recordings, call logs, device contacts, SMS messages, location data, network activity.
  • Infrastructure overlap and artifacts from open command and control directories allow us to attribute the surveillanceware to Wuhan Chinasoft Token Information Technology Co., Ltd. (武汉中软通证信息技术有限公司) with high confidence.