Navigation
Recherche
|
Data Breach Reveals Catwatchful 'Stalkerware' Is Spying On Thousands of Phones
jeudi 3 juillet 2025, 05:30 , par Slashdot
![]() Most of the compromised devices were located in Mexico, Colombia, India, Peru, Argentina, Ecuador, and Bolivia (in order of the number of victims). Some of the records date back to 2018, the data shows. The Catwatchful database also revealed the identity of the spyware operation's administrator, Omar Soca Charcov, a developer based in Uruguay. Charcov opened our emails, but did not respond to our requests for comment sent in both English and Spanish. TechCrunch asked if he was aware of the Catwatchful data breach, and if he plans to disclose the incident to its customers. Without any clear indication that Charcov will disclose the incident, TechCrunch provided a copy of the Catwatchful database to data breach notification service Have I Been Pwned. The stalkerware operation uses a custom API and Google's Firebase to collect and store victims' stolen data, including photos and audio recordings. According to Daigle, the API was left unauthenticated, exposing sensitive user data such as email addresses and passwords. The hosting provider temporarily suspended the spyware after TechCrunch disclosed this vulnerability but it returned later on HostGator. Despite being notified, Google has yet to take down the Firebase instance but updated Google Play Protect to detect Catwatchful. While Catwatchful claims it 'cannot be uninstalled,' you can dial '543210' and press the call button on your Android phone to reveal the hidden app. As for its removal, TechCrunch has a general how-to guide for removing Android spyware that could be helpful. Read more of this story at Slashdot.
https://yro.slashdot.org/story/25/07/03/0023253/data-breach-reveals-catwatchful-stalkerware-is-spyin...
Voir aussi |
56 sources (32 en français)
Date Actuelle
jeu. 3 juil. - 14:01 CEST
|