creepy looking eye staring at the oberver

60,000 Androids have stalkerware-type app Spyhide installed

Stalkerware-type app Spyhide is coded so badly that it’s possible to gain access to the back-end databases and retrieve data about everyone that has the app on their device. And it’s not a small number. Hacktivist maia arson crimew told TechCrunch she’d found 60,000 compromised Android devices, dating back to 2016.

Spyhide, like many other stalkerware-type apps “silently and continually uploads the phone’s contacts, messages, photos, call logs and recordings, and granular location in real time.”

By definition, stalkerware are tools – software programs, apps and devices – that enable someone to secretly spy on another person’s private life via their mobile device. Many stalkerware applications market themselves as parental monitoring tools, but they can be and often are used to stalk and spy on a person. The most common users of stalkerware are domestic violence abusers, who load these programs onto their partner’s computer or mobile device without their knowledge.

In fact, crimew recently was a guest on Malwarebytes podcast Lock & Code, revealing how easy many of these apps can be compromised due to bad coding and a careless security posture.

Writing about the SpyHide hack, crimew describes how it was possible to download the full source code and git history for the account panel of SpyHide. From there she figured out how data uploads from victim devices worked and managed to upload a web shell that helped download around 230GB of stalkerware data. The data showed that between 2016 and the server takeover, around 60k devices had been compromised.

TechCrunch’s analysis of the data shows Spyhide’s surveillance network spans every continent, with clusters of thousands of victims in Europe and Brazil. The US has more than 3,100 compromised devices, a fraction of the total number worldwide, yet the US victims are still some of the most surveilled victims on the network by the quantity of location data alone.

If you are thinking about installing such an app, and you are reading this:

  1. Don’t!
  2. It definitely is illegal in almost every country, unless it’s done with consent of the government itself.
  3. We have never heard of anyone who was able to solve a problem by using stalkerware. Usually resorting to stalkerware only makes it worse.
  4. Consider the consequences of someone finding out what you did and remember that is a distinct possibility.
  5. Listen to this podcast.

Malwarebytes, as one of the founding members of the Coalition Against Stalkerware makes it a priority to detect and remove stalkerware from your device. It is good to keep in mind however that by removing the stalkerware you will alert the person spying on you that you know the app is there. But should you require help removing it, Malwarebytes for Android detects Spyhide as Android/Monitor.Spyhide. 


We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.