HOMETHREATSEagleMsgSpy
MALWARE FAMILY🕵️ ESPIONAGEADVANCED

EagleMsgSpy

Internal ID: apk.eagle_msg_spy
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

According to Lookout, EagleMsgSpy is a lawful intercept surveillance tool developed by a Chinese software development company with use by public security bureaus in mainland China. Early samples indicate the surveillance tool has been operational since at least 2017, with development continued into late 2024. EagleMsgSpy collects extensive data from the user: third-party chat messages, screen recording and screenshot capture, audio recordings, call logs, device contacts, SMS messages, location data, network activity.

Through infrastructure overlap and artifacts from open command and control directories, Lookout attributes EagleMsgSpy to Wuhan Chinasoft Token Information Technology Co., Ltd. with high confidence.

Threat Analysis

EagleMsgSpy is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.

Classified as an advanced threat actor, EagleMsgSpy likely develops or acquires zero-day exploits, employs custom malware toolchains, and demonstrates long-term persistence capabilities — hallmarks of a well-resourced operation consistent with nation-state backing.

External References

Quick Facts

TypeMalware Family
Motivation🕵️ espionage
Sophisticationadvanced
Aliases1

Also Known As

apk.eagle_msg_spy

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
EagleMsgSpy — Malware Family | Threat Intelligence | CTIWATCH.COM