A mobile app designed to let people spy on others will shortly be going out of business after a server breach and mass deletion incident. The app, LetMeSpy, sits silently and invisibly on a phone and collects call logs, location data, and even text messages.
This kind of program is commonly referred to as stalkerware. As the name suggests, people aren’t doing anything good with this kind of software. You’ll most commonly see it on Android devices, put there by someone with temporary physical access. Depending on the program, it may access phone records, texts, photos, camera, microphone, GPS…you name it, it can possibly do it.
The device owner will have no idea that this is going on, because these programs come with no app icon and stay hidden.
A domestic abuser or someone up to no good generally installs the app on the phone without the victim’s consent or knowledge. Once done, it can be used to keep track of the person for as long as it remains on the device.
In this case, LetMeSpy first made notification of the breach in June, with the following message:
On June 21, 2023, a security incident occurred involving obtaining unauthorized access to the data of website users.
As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts. For 100% clarity: Everything collected from mobile devices where the owner wouldn’t have been aware LeMeSpy was present in the first place.
Given that someone with this app on their phone could potentially be in a perilous position to begin with, it’s even worse that such an individual would have their data stolen in this way. Polish site Niebezpiecznik, which first reported the breach, said that the database dumped online contained:
- 26,000+ email addresses of the tool's "operators" along with hashes of their passwords.
- 16,000+ text messages, including passwords and codes for various services.
- Telephone numbers of people who had contacted the tracked phones.
- Telephone numbers of the people whom the tracked phone owner had called (along with the names associated with them in the contacts list).
- A database dump in SQL format, containing more data, including locations.
A terrible situation, needlessly caused by an app most folks wouldn’t want on their devices.
Well, it seems the breach was a step too far for LetMeSpy too. So much data was deleted that new users are now blocked from creating an account. A permanent shutdown will take place in August. TechCrunch notes that the app is no longer available for download, and currently installed versions seem to be completely dead, as per a network traffic analysis.
A nonprofit transparency collective called DDoSecrets told TechCrunch that the app had been used to steal data from more than 13,000 compromised devices “until recently”. This is quite a bit lower than the 236k devices the LetMeSpy website claimed to be residing on.
We recently covered the LetMeSpy hack on our Lock and Code podcast, asking (among other things) if there’s ever a situation where a hack like this could be considered “good”.
How to prevent spyware and stalkerware-type apps
- Set a screen lock on your phone and don't let anyone else access it
- Keep your phone up-to-date. Make sure you're always on the latest version of your phone's software.
- Use an antivirus on your phone. Malwarebytes for Android shows you exactly what information you're sharing with each app on Android, so you can keep an eye on your privacy. Malwarebytes detects the LetMeSpy app as Android/Monitor.LetMeSpy.
Coalition Against Stalkerware
Malwarebytes is a founding member of the Coalition Against Stalkerware. We continue to share intelligence with the Coalition Against Stalkerware to improve industry-wide detections while also guiding the domestic abuse support networks within the coalition through thorny, technical questions of detection, removal, and prevention.
We don’t just report on Android security—we provide it
Cybersecurity risks should never spread beyond a headline. Keep threats off your Android devices by downloading Malwarebytes for Android today.