In a shocking revelation, it has been discovered that Spyhide, a stalkerware-type app, has left around 60,000 Android devices compromised. This poorly-coded app is so riddled with vulnerabilities that hackers can easily gain unauthorized access to its back-end databases, potentially putting the privacy of thousands at risk. The revelation came to light when hacktivist maia arson crimew revealed her findings to TechCrunch, exposing the extent of this dangerous situation dating back to 2016.
Stalkerware apps like Spyhide operate covertly, surreptitiously uploading various sensitive data from victim devices. This includes everything from contacts and messages to photos, call logs, and real-time location tracking. By definition, stalkerware refers to software and apps designed to secretly spy on someone’s private life through their mobile devices. While some companies market these tools as parental monitoring solutions, they are often misused, becoming tools for stalking and intrusive surveillance.
The most alarming aspect is that the main users of stalkerware tend to be domestic violence abusers who install these apps on their partner’s devices without their knowledge or consent, violating their privacy and perpetuating a cycle of control.
During her appearance on the Malwarebytes podcast Lock & Code, crimew unveiled the shocking truth about Spyhide and similar apps. She highlighted the significant security flaws and careless coding practices that render these apps highly vulnerable to compromise.
Crimew shared her own experiences with hacking Spyhide, revealing how she successfully downloaded the app’s full source code and git history for the account panel. This breakthrough allowed her to understand how data uploads from victim devices were managed. In a remarkable feat, she deployed a web shell that facilitated the download of approximately 230GB of stalkerware data. The data breach revealed that a staggering 60,000 devices had fallen victim to Spyhide’s surveillance network.
TechCrunch conducted an analysis of the data, shedding light on the global reach of Spyhide’s surveillance network. The app has a chilling presence on every continent, with Europe and Brazil being the primary hotspots of thousands of victims. Surprisingly, the United States was not immune, with over 3,100 compromised devices. This data alone made US victims among the most intensely surveilled on the network, owing to the massive quantity of location data collected.
The Spyhide hack serves as a wake-up call for users to be vigilant about the apps they install on their devices. It also underscores the urgent need for stricter regulations and measures to curb the misuse of stalkerware. As we navigate the digital age, safeguarding our digital privacy and security should be a top priority. Awareness and education about stalkerware and other privacy-invasive apps are crucial to protect individuals from falling victim to such insidious cyber threats.