A group of hackers has targeted the creators of a widely used mobile spyware application. The hackers successfully erased all the data that the company had collected on its targets.
This action also revealed the identities of the individuals or groups that were funding and utilizing the malicious spyware service.
An investigation conducted by TechCrunch, prompted by a tip from DDoSecrets, a nonprofit organization focused on revealing data leaks, uncovered a substantial dataset of approximately 1.5GB.
This dataset had been provided by an anonymous hacking collective. The hacking group asserted that the dataset originated from WebDetetive, a mobile spyware application tailored for the Portuguese-speaking user base. Most of the targets were situated in Brazil, according to reports.
Hackers Saved Thousands of People From Spyware Activities
The hackers informed DDoSecrets that they had identified several vulnerabilities within WebDetetive’s system and endpoints. Exploiting these weaknesses granted them access to the database.
During their infiltration, they discovered that around 76,000 Android devices had fallen prey to the spyware. This malicious software had been gathering a wide range of private and sensitive data from these devices.
Contrary to the expected action of stealing victim information and making it public, the collective chose a different path. They decided to erase the devices from the spyware’s network, effectively neutralizing its functionality. As a result, the compromised devices could no longer transmit new data to the spyware’s server.
The group said it did this “because we could.” They also generated a different database (the one shared with DDoSecrets) and filled it with information on the people who were using WebDetetive’s services.
The dataset contains customer IP addresses along with their buying records. It further encompasses comprehensive information regarding each customer’s compromised devices, the specific version of the spyware that had been installed, and the categories of stolen data.
WebDetetive falls within the category of software referred to as “stalkerware,” a subset of spyware typically installed on victims’ phones without their knowledge or consent.
Such installations are often carried out by partners or spouses who harbor suspicions of infidelity, although the motivations can extend to more malicious purposes.
Moreover, there seems to be a link between WebDetetive and another spyware named OwnSpy, which originates from Spain. TechCrunch’s investigation unveiled that the Android app of WebDetetive contains a substantial amount of reused code from OwnSpy.
Following TechCrunch’s communication with the developer, certain components of OwnSpy’s infrastructure reportedly became inaccessible.
Google Moves to Secure Users from Ads Focused on Spyware
Reportedly, Google has taken down multiple advertisements that were promoting and endorsing applications designed explicitly for tracking or monitoring individuals without their consent.
A spokesperson from Google informed TechCrunch that advertisements endorsing spyware for partner surveillance are not permitted.
The company promptly removed the advertisements that violated this policy and stated its commitment to monitoring evolving tactics aimed at circumventing its detection systems, in order to thwart malicious actors.
However, TechCrunch discovered that five developers were still advertising stalkerware apps despite this ban.
Notably, spyware or stalkerware applications are not accessible through official app stores like the Play Store or App Store. Instead, they can be downloaded from third-party platforms and various online sources.
These apps enable purchasers to install an almost imperceptible application on the targeted device, thereby collecting data like call records, text messages, media files, GPS location, and other information.