A security vulnerability has managed to reveal data of thousands of Catwatchful customers, including its administrator. This bug was discovered by security researcher, Eric Daigle, reports TechCrunch.
Catwatchful stalkerware app has experienced karma in the best possible way
It is reported that a full database of the app’s email addresses and plaintext passwords were spilled. Catwatchful customers use this data to access the data that has been stolen from the phones of their victims.
To put things into perspective, Catwatchful is a spyware that pretends to be a child monitoring app. It claims to be “invisible and cannot be detected”. If successfully planted, the person who planted it can get private content from the phone the app is placed on.
The stolen data includes the victim’s photos, messages, and real-time location data. It can also remotely tap into the live ambient audio from the phone’s microphone, and on top of that, access both front and rear phone cameras.
Apps like these usually need to be placed manually on a victim’s phone
Needless to say, apps like these are banned from the app stores, and usually rely to being downloaded and planted by someone with physical access to a specific phone. Therefore, they’re called ‘stalkerware’ apps.
What is interesting is that it’s at least the fifth spyware operation this year that has experienced a data spill.
TechCrunch has seen the Catwatchful database from early June, and it contained email addresses and passwords for more than 62,000 customers. On top of that, it also contained the phone data from 26,000 victim devices.
Most of the devices that ended up being compromised were located in Mexico, Colombia, India, Peru, Argentina, Ecuador, and Bolivia. Some of these records actually go way back, to 2018, according to the data.
The post Catwatchful Stalkerware Leak Is the Best Karma We’ve Seen All Week appeared first on Android Headlines.
