Chinese provincial security teams used spyware to collect texts, audio recordings

Category	Details
Threat Actors	Chinese public security bureaus, Lookout researchers, Wuhan Chinasoft Token Information Technology.
Campaign Overview	Spyware named EagleMsgSpy used across multiple Chinese provinces since 2017; tool continuously developed with new features to steal extensive data.
Target Regions (Or Victims)	Targets include Chinese citizens, various messaging apps users (QQ, Viber, WhatsApp, Telegram, WeChat), minority groups (Uyghurs, Tibetans).
Methodology	Surveillance tool installed on Android devices, potential installation on Apple devices. Installed via USB or QR code; data collected through a staging area before being sent to an external server.
Product Targeted	Android devices, potentially Apple devices, messaging apps (QQ, Viber, WhatsApp, Telegram, WeChat).
Malware Reference	EagleMsgSpy, PluginPhantom, CarbonSteal.
Tools Used	Installer and application for EagleMsgSpy; administrative panel with location maps, contact lists, real-time photo and audio recording features.
Vulnerabilities Exploited	Installation through physical access or QR codes, obfuscation techniques to evade detection, hidden tool installations on devices.
TTPs	Extensive data collection (SMS, calls, location, apps), surveillance integration with administrative panels, hiding malware presence on phones, geolocation tracking.
Attribution	Linked to Chinese public security bureaus, Wuhan Chinasoft Token Information Technology, potential ties to Topsec, PluginPhantom, and CarbonSteal tools.
Recommendations	Strengthen device-level security checks, implement robust monitoring to detect surveillanceware, limit physical access to devices, educate users on surveillance risks.
Source	The Record

Read full article: https://therecord.media/chinese-provincial-security-teams-use-spyware-collect-texts-location

The above summary has been generated by an AI language model