Security flaw in popular stalkerware apps is exposing phone data of millions

Cocospy and Spyic were found to be leaking sensitive information
The developers are not responding and the bugs have not been fixed
People’s photos, messages, call logs, and more, are at risk

Email addresses, text messages, call logs, photographs, and other sensitive data, belonging to millions of people may have been exposed online thanks to a pair of faulty spyware applications.

Spyware apps, often also called “spouseware”, are apps that people covertly install on mobile devices belonging to their partners, children, or similar. They are advertised as legitimate monitoring apps, but are essentially operating in the grey zone and are not allowed on major app stores, such as the App Store or Play Store.

A cybersecurity researcher recently analyzed Cocospy and Spyic, two popular spyware apps whose code apparently has significant overlaps which allowed the researcher to pull sensitive information from their servers.

Email addresses and more

TechCrunch, which first reported on the findings, said the bug was “relatively simple to exploit”, but in order to protect the victims, decided not to share any details at this time.

When a person wants to install the spyware on someone else’s device, they first need to use an email address to register an account.

The researcher managed to exfiltrate 1.81 million of email addresses used to register with Cocospy, and roughly 880,000 addresses used for Spyic. Besides email addresses, the researcher managed to access most of the data harvested by the apps, including pictures, messages, and call logs.

Due to the nature of the apps, the developers try their best to remain hidden and out of reach. TechCrunch deduced that the developers are most likely of Chinese origin, but could not say for certain – although there is some evidence that the developer might be 711.icu, whose website isn’t even loading.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The operators did not respond to media inquiries and have not, at press time, addressed the vulnerabilities.

You might also like

https://cdn.mos.cms.futurecdn.net/JNBjVrf2yTKXdJJAu668UJ-1200-80.png

Source link

TerraMaster T12-500 Pro review | TechRadar

UFC Fight Night 252 live stream: how to watch Cejudo vs Song

Meaco 12L Low Energy Dehumidifier review: functional and cost-effective

Verizon’s iPhone 16e deal can get you the device for free – here’s why I’d buy the iPhone 16 instead

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Strategist explains how much gold should investors own

Bali bombing survivor fears losing life-saving aid to Indonesia's budget cuts

U.S. piles pressure on Iraq to resume Kurdish oil exports, sources say

ECB's Villeroy reaffirms deposit rates could be at 2% by this summer

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Security flaw in popular stalkerware apps is exposing phone data of millions

Strategist explains how much gold should investors own

Bali bombing survivor fears losing life-saving aid to Indonesia's budget cuts

U.S. piles pressure on Iraq to resume Kurdish oil exports, sources say

TerraMaster T12-500 Pro review | TechRadar

Leave a reply Cancel reply