Brazilian phone spyware was hacked and victims’ devices ‘deleted’ from server
Brazilian phone spyware was hacked and victims’ devices ‘deleted’ from server
The Portuguese-language spyware app has been used to compromise over 76,000 devices to date, the leaked data shows.
The hackers said that dashboard access also allowed them to delete victim devices from the spyware network altogether, effectively severing the connection at the server level to prevent the device from uploading new data. “Which we definitely did. Because we could. Because #fuckstalkerware,” the hackers wrote in the note.
The world needs more digital vigilantes
This could actually lead to negative outcomes for victims, if their attacker/stalker gets a notification that the connection is broken (the article also mentions this toward the end).
So while yes, it needs to be done safely.
Very true
Once planted, the app changes its icon on the phone’s home screen, making the spyware difficult to detect and remove. WebDetetive then immediately begins stealthily uploading the contents of a person’s phone to its servers, including their messages, call logs, phone call recordings, photos, ambient recordings from the phone’s microphone, social media apps, and real-time precise location data.
Leaving this information in servers accessible to anyone willing to put a few dozen hours into picking away at them is terrifyingly negligent. The market for this app is parents and significant others, people who traditionally care about you. At that point, you’ve already failed them and yourself.
Crazy times
This is the best summary I could come up with:
A Portuguese-language spyware called WebDetetive has been used to compromise more than 76,000 Android phones in recent years across South America, largely in Brazil.
In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases.
DDoSecrets, a nonprofit transparency collective that indexes leaked and exposed datasets in the public interest, received the WebDetetive data and shared it with TechCrunch for analysis.
But while the breached data itself reveals few clues about WebDetetive’s administrators, much of its roots can be traced back to OwnSpy, another widely used phone spying app.
We ran a network traffic analysis to understand what data was flowing in and out of the WebDetetive app, which found it was a largely repackaged copy of OwnSpy’s spyware.
By TechCrunch’s count, at least a dozen spyware companies in recent years have exposed, spilled, or otherwise put victims’ stolen phone data at risk of further compromise because of shoddy coding and easily exploitable security vulnerabilities.
The original article contains 1,244 words, the summary contains 175 words. Saved 86%. I'm a bot and I'm open source!