Another major spyware app has been hacked, with thousands of victims saved

Messaging
(Image credit: Future)

Hackers have attacked the makers of a widepsread mobile spyware tool, destroying all of the data the company gathered on its victims while exposing the malicious actors who were paying for the spyware service. 

A report by TechCrunch, tipped off by DDoSecrets, a nonprofit transparency group that documents data leaks, examined a large database - 1.5GB in size - it received from an unnamed hacking group, claiming the database came from WebDetetive, a mobile spyware app built for the Portuguese-speaking community. 

The majority of the victims were located in Brazil, it was said.

Flipping the script

The hackers told DDoSecrets that they found multiple vulnerabilities in WebDetetive’s infrastructure and endpoints which allowed them to access the database. While inside, they uncovered that some 76,000 Android devices were victims of the spyware, which was harvesting all sorts of private and sensitive information.

However, instead of stealing the victim data and posting it online, the group deleted their devices from the spyware’s network, rendering it useless. The infected devices were no longer able to send new data to the spyware’s server. The group said it did this “because we could.” They also generated a different database (the one shared with DDoSecrets) and filled it with information on the people who were using WebDetetive’s services.

The data included customer IP addresses and their purchase history. It also included all of the devices each customer infected, which version of the spyware was installed, and the type of data that was being stolen. 

Spyware, or stalkerware apps, are not available on official app stores, such as the Play Store or the App Store. They can be installed from third-party stores and other places on the internet, and allow the buyers to install an almost invisible app on the victim’s device and gather information on calls, text messages, photos and videos, GPS data, and more.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.