There has been an attack on the makers of a tool that is widely used to track mobile devices, which destroyed all the data that was gathered on the victims and exposed those who were paying for the spyware to buy access to the information.
According to a recent report on TechCrunch, there are more than 76,000 Android devices, mostly in Brazil, which are compromised by Portuguese language software called WebDetective, a software spy. However white hat hackers claim that they have removed all user data and information from the servers, which could be helpful to thousands of people around the world.
The report indicates that Web Detective conducted a vulnerability discovery and exploiting effort anonymously in order to exploit vulnerable servers. It has been reported that hackers accessed user databases and downloaded records from the company's software spy by hacking into the web panel of the software spy.
It was discovered and exploited that there were security vulnerabilities in the software by unidentified hackers. The compromise of WebDetective's servers also allowed them to gain access to the clients' databases by hacking into WebDetective's servers. There is also an allegation that the hackers were able to disconnect the connection to the devices of the victims and block the new data from being downloaded from those devices.
It was reported that the hacking of the panel resulted in the hackers also getting access to the victim's devices through the panel, which allowed them to cut off the connection between their devices and WebDetetive's servers.
It was stated by the hackers that the devices would not be able to send new data to WebDetective due to this denial of service attack.
In recent times, WebDetetive has been hacked more times than other spyware products, including FusionScan.
There was a hacking attempt in June 2023 against a Polish phone tracking app LetMeSpy, which resulted in the exposed data on the victims' devices being deleted from the spyware maker's servers.
An application called WebDetective can provide a variety of services that can be installed without the consent of their owner. Using this software, the content of the user's phone is uploaded invisibly to a server to have access to its contents, including messages, call logs, call records, photos, etc. This is the second spyware attack by hackers within the last few months that has been used to destroy data. LetMeSpy spy app previously became inoperable after it was hacked, resulting in a suspension of service.
A non-profit organization called DDoSecrets gathered WebDetetive's data and made it available for analysis by submitting it to researchers. According to the information released by WebDetetive, at the time when the leak occurred, 76,794 devices had been compromised by WebDetetive.
Recently there has been an increase in the number of Android owners in South America, mainly Brazil, that have been victimized by spyware. It should be noted that although this is so, WebDetective is not equipped to analyze customers, as the signup process for WebDetective does not automatically verify an email address from the customer.
There is not much information available about WebDetetive, other than its surveillance capabilities. A significant part of the reputational and legal risks associated with spyware makers is the fact that they normally conceal or obfuscate their real-world identities.
As it turns out, WebDetetive came from OwnSpy, another popular phone spy app that has roots that can be traced back to OwnSpy. The analysis of network traffic revealed that the WebDetetive app was basically a repackaged version of the OwnSpy spyware, and it was still referred to as OwnSpy in WebDetetive's user agent, and the app was the same thing.
While it was possible to steal the files of the victims and post them online, instead the group was able to delete them from the spyware's network. In this way, the devices were rendered useless.
The infected devices couldn't transmit new data to the spyware's server as it had stopped sending new data to it. According to the group, it executed the attack "because we could." They also created a separate database, which shared information with DDoSecrets, to keep track of the people who used WebDetective's services, as well as the IP addresses of the users.
The shoddy coding and numerous vulnerabilities associated with these apps are what make them known as "stalkerware" and "spouseware" as well as their many other names. It has been reported that dozens of spyware apps have been found to have security vulnerabilities, putting the data of victims' phones at risk in recent years.
It is becoming increasingly common for antivirus producers to include stalker ware in the list of apps their products detect on computers and phones; victim support groups assist people in determining if their devices are infected and how they can remove the malicious software from their devices; app stores are banning stalker ware and pulling their advertising from the site, and law enforcement is investigating silverware makers and their customers and arresting them.
It appears that TechCrunch, a technology news site, has launched a free spyware lookup tool that will make it easier for people to detect a family of stalkerware apps that have been investigated by Zack Whittaker. With the help of this tool, users can find out if their Android device has been compromised on a leaked list of compromised devices that has been compiled by TechCrunch. To monitor private messages, voicemails, internet browsing, passwords, and location data, these apps can be secretly installed onto devices or laptops, allowing perpetrators to access these in real time without users knowing or consenting.
For the tool to be able to match the identification numbers of the device suspected to be infected, users must use devices other than the device that might be infected—the IMEI or unique advertising ID number of the device they suspect is infected. These numbers will be compared to a list of devices that have been compromised by this family of stalkerware apps that have been leaked. There are hundreds of thousands of Android devices on the list, all of which have been infected with one or more of the nine spyware apps the company has developed before April.
Users will be able to tell whether their device identification numbers match or are likely to match those on the TechCrunch list, if they do not match those numbers, and why they do not match them.
Upon suspecting the phone to be infected with stalkerware, users can check the device for signs of lurking stalkerware applications. A guide provided by TechCrunch explains how to find proof of your phone being compromised promptly.
A guide has also been made available by Cornell Tech's Clinic to End Tech Abuse (CETA), part of its website. The stalkerware apps discovered on your device can easily be removed from your device once they have been found.
As stalkerware is always evolving and changing, survivors of domestic abuse and those who are concerned about stalkerware face a shifting threat landscape when it comes to stalkerware, which can be very frightening. This new research from TechCrunch, as well as the newly launched tool that they have developed, may help many Android users gain peace of mind regarding their security.
The more researchers monitor the stalkerware ecosystem, the more difficult it will be to spy on Android devices on an impermissible basis and the more expensive it will be to spy on them.