EagleMsgSpy
Intelligence Profile
According to Lookout, EagleMsgSpy is a lawful intercept surveillance tool developed by a Chinese software development company and used by public security bureaus in mainland China. Early samples indicate the surveillance tool has been operational since at least 2017, with development continuing into late 2024. EagleMsgSpy collects extensive data from the user: third-party chat messages, screen recordings and screenshots, audio recordings, call logs, device contacts, SMS messages, location data, and network activity.
Through infrastructure overlap and artifacts from open command and control directories, Lookout attributes EagleMsgSpy to Wuhan Chinasoft Token Information Technology Co., Ltd. with high confidence.
Threat Analysis
EagleMsgSpy is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.
The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.
Classified as an advanced threat actor, EagleMsgSpy likely develops or acquires zero-day exploits, employs custom malware toolchains, and demonstrates long-term persistence capabilities — hallmarks of a well-resourced operation consistent with nation-state backing.