A surveillance program known as Spyzie has affected over 500,000 Android phones and various iOS devices, as revealed by a security expert.
Many of the users whose devices were compromised likely have no idea that their data is at risk.
The security expert informed TechCrunch that Spyzie shares vulnerabilities with Cocospy and Spyic, two similar stalkerware applications. This flaw, which has already exposed data of over 2 million individuals, gives unauthorized access to personal information like messages and location data from the affected devices.
Additionally, this bug reveals the email addresses of Spyzie users who attempt to monitor someone else’s device.
The researcher gathered 518,643 unique email addresses linked to Spyzie users and shared this information with TechCrunch and Troy Hunt, who runs the Have I Been Pwned service for data breach alerts.
This incident highlights the rising prevalence of phone surveillance apps, even those that seem obscure like Spyzie. Despite having little online visibility and facing ad bans from Google, they continue to attract many paying customers.
Combined, Cocospy, Spyic, and Spyzie serve over 3 million users.
These security gaps expose both customer data and the private information of those being monitored. Even parents using these apps for child monitoring, while legal, risk their children’s data being accessed by hackers.
Since 2017, Spyzie becomes the 24th stalkerware operation that has leaked sensitive data due to poor security practices.
Spyzie’s team did not respond to TechCrunch’s inquiries, and the security flaw remains unresolved.
Hidden Apps and Compromised Apple Credentials
Spyzie and similar apps like Cocospy and Spyic are crafted to conceal themselves on victims’ devices. Victims often can’t spot these apps as they stealthily upload personal data to the spy’s servers.
Data shared with TechCrunch indicates that the majority of Spyzie’s victims are Android users. The app needs physical access to install, which is frequently done by someone who knows the victim’s device passcode.
This is particularly common in abusive relationships, where one partner often knows the other’s phone passcode.
The data also indicates Spyzie has affected at least 4,900 iPhones and iPads.
Apple has stricter app regulations, so stalkerware typically accesses a victim’s data stored in iCloud using their Apple login credentials rather than installing directly on the device.
Records show that the first compromised Apple users date back to February 2020 and as recently as July 2024.
Removing Spyzie Stalkerware
While it’s tough to pinpoint individual victims from the leaked data, there are ways to check if your phone is compromised by Spyzie.
For Android Users: If Spyzie is hidden, you can often dial ✱✱001✱✱ in your phone’s dialer. Doing this should reveal the app if it’s installed.
This code serves as a backdoor for accessing the app, allowing both the installer and potential victims to check its presence.
TechCrunch provides a thorough guide on removing Android spyware and enhancing your device’s security settings.
It’s also wise to have a safety plan ready since disabling spyware might alert the person who installed it.
For iPhone and iPad Users: Spyzie accesses your data via your Apple Account credentials stored in iCloud. Make sure to enable two-factor authentication for added security and check for any unfamiliar devices linked to your account by visiting your Apple Account settings.
If someone you know may need assistance, the National Domestic Violence Hotline (1-800-799-7233) offers free, confidential support around the clock to victims of domestic abuse. In emergencies, don’t hesitate to call 911. The Coalition Against Stalkerware provides resources for anyone suspecting their phone has been compromised by spyware.
Source link
Android,Apple,Exclusive,Have I Been Pwned,iPad,iPhone,Spyware,stalkerware
