Cybersecurity researcher maia arson crimew, who identified the shady data collection of the Spyhide app, noted that the compromised Android devices span every continent, with Europe, Brazil, and the US being the most heavily targeted regions.
In recent news, an Iranian stalkerware app named Spyhide has been silently gathering sensitive data from over 60,000 compromised Android devices worldwide since 2016.
The app, which functions as a stealthy phone surveillance tool, silently uploads personal data, including contacts, messages, photos, call logs, and precise location, in real time.
Swiss developer and cybersecurity researcher maia arson crimew exposed the extensive data breach after gaining access to the app’s poorly coded backend databases.
Stalkerware apps, like Spyhide, are designed to spy on individuals secretly, posing a significant threat to personal privacy and safety. While some such apps market themselves as parental monitoring tools, they are commonly used by domestic violence abusers to stalk and monitor their partners without consent.
Upon investigating Spyhide’s poorly secured web-based dashboard, crimew discovered a massive trove of stolen phone data. TechCrunch, having verified the information, found that the compromised Android devices span every continent, with Europe, Brazil, and the US being the most heavily targeted regions.
Among the alarming findings were more than 3,100 compromised devices in the US, with one device alone having uploaded over 100,000 location data points. Furthermore, the database contained records of around 750,000 users who had signed up to use Spyhide but did not necessarily compromise a phone or pay for the service.
The stolen data amounted to over 3.3 million text messages, including sensitive information such as 2FA codes and password reset links, as well as 1.2 million call logs and 312,000 call recording files. Additionally, as TechCrunch noted, the database held details of 925,000 contact lists, 382,000 photos, and an astonishing 6,000 ambient recordings surreptitiously collected from victims’ microphones.
The developers behind Spyhide attempted to conceal their identities, but the source code revealed two Iranian developers, Mostafa M. and Mohammad A., as potential culprits. Despite numerous attempts, both developers remained unresponsive to TechCrunch’s inquiries.
While Google Play Store bans stalkerware apps, Spyhide’s sideloading approach allowed it to evade Google’s security checks. However, Google Play Protect can serve as a protective measure against such threats for users who enable it.
The investigation brought to light Spyhide’s operations and led to the app’s domain becoming inaccessible shortly after. The hosting provider, Germany-based Hetzner, asserted that it does not permit the hosting of spyware.
With stalkerware posing a severe threat to personal privacy and security, it is crucial for users to remain vigilant and cautious when downloading apps from unverified sources. Awareness and adoption of protective measures like Google Play Protect can help thwart potential threats posed by stalkerware and malicious apps.
In conclusion, the exposure of Spyhide’s massive data breach highlights the need for increased security measures, user awareness, and stringent regulations to protect against the abuse of stalkerware and uphold personal privacy rights in the digital age.