What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-12-12 20:36:12 | Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus (lien direct) | ## Snapshot Researchers at Lookout Threat Lab have identified a new surveillance tool called EagleMsgSpy developed by a Chinese software company. ## Description Operational since at least 2017, this spyware has been used by Chinese law enforcement to extract extensive data from mobile devices. It can access third-party chat messages, call logs, device contacts, SMS messages, location data, and network activity. The tool also features screenshot and screen recording capabilities. According to Lookout\'s analysis, EagleMsgSpy includes two key components: an installer APK and a surveillance payload that operates in the background, concealing its activities from the victim. The source code reveals functions that differentiate between device platforms, suggesting the existence of both Android and iOS versions. However, researchers note that physical access to the target device is required to initiate surveillance and EagleMsgSpy has not been found on Google Play or other app stores. Lookout further reports that domain infrastructure linked to EagleMsgSpy overlaps with those associated with public security bureaus in mainland China. This connection indicates widespread use of the tool within the region. Additionally, EagleMsgSpy shares ties with other Chinese surveillance apps, such as PluginPhantom and CarbonSteal, suggesting its role in a broader ecosystem of state-sponsored surveillance targeting various groups in China. ## Microsoft Analysis and Additional OSINT Context Chinese cyber threat actors have been [widely reported](https://www.bloomberg.com/news/articles/2022-11-10/lookout-researchers-say-spyware-tied-to-china-is-targeting-apps-used-by-uyghurs?srnd=technology-vp&sref=E9Urfma4) to employ advanced surveillance tools to conduct targeted espionage against minority groups -- particularly the Uyghurs -- and against activists, journalists, and dissidents both within China and abroad. These tools are designed to quietly infiltrate devices, monitor communications, collect sensitive data, and allow for real-time tracking of individuals. In 2021, [Meta reported](https://about.fb.com/news/2021/03/taking-action-against-hackers-in-china/) that it disrupted a campaign by Earth Empusa which aimed to distribute [PluginPhantom](https://unit42.paloaltonetworks.com/unit42-pluginphantom-new-android-trojan-abuses-droidplugin-framework/) and [ActionSpy](https://www.trendmicro.com/en_us/research/20/f/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa.html) to target Uyghurs living in China and abroad in Turkey, Kazakhstan, the United States, Syria, Australia, and Canada, among other countries. Earlier this year, Lookout Threat Lab detailed [BadBazaar](https://www.lookout.com/threat-intelligence/article/badbazaar-surveillanceware-apt15), a surveillance tool attributed to APT15, tracked by Microsoft as [Nylon Typhoon](https://security.microsoft.com/intel-profiles/6c01b907db21988312af12a7569e4b53eaaeffe1c82c5acd622972735b5c95dc), used to target Tibetan and Uyghur minorities in China. At least one variant of the tool, masquerading as an app called "TibetOne" was distributed via Telegram in a channel named, "tibetanphone." ## Recommendations Microsoft recommends the following mitigations to reduce the impact of this threat. - Only install apps from trusted sources and official stores, like the Google Play Store and Apple App Store. - Never click on unknown links received through ads, SMS messages, emails, or similar untrusted sources. Use mobile solutions such as [Microsoft Defender for Endpoint](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android?view=o365-worldwide) on Android to detect malicious applications - Always keep Install unknown apps disabled on the Android device to prevent apps from being installed from unknown sources. - Avoid granting SMS permissions, notification listener access, or accessibility access to any applications without a strong unde | Malware Tool Threat Legislation Mobile | APT 15 | ★★★ |
1
We have: 1 articles.
We have: 1 articles.
To see everything:
Our RSS (filtrered)
