A spyware vendor in South America has been breached by hackers who managed to scrape user data before deleting devices from the company’s network.
The Portuguese-language WebDetetive, an offshoot of the better-known OwnSpy, was hacked by motivated threat actors who “found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases,” according to TechCrunch.
The unnamed hackers reportedly exploited several more flaws in the vendor’s web dashboard and gained access to data belonging to the people whose phones were infected with the spyware/stalkerware solution.
“The hackers said they enumerated and downloaded every dashboard record, including every customer’s email address,” according to the report.
The attackers also deleted victim devices from the spyware network to prevent the phones from uploading new data.
“Which we definitely did. Because we could. Because #f**kstalkerware,” the hackers wrote in the note obtained by the tech news site.
The hackers allegedly scraped more than 1.5 GB of data from the company’s web dashboard, including information about individual customers, such as the IP address they logged in from to use the spyware, their purchase history, every device compromised, which version of the spyware the phone was running, and the types of data the spyware was collecting from the victim’s phone.
WebDetetive advertised itself as able to stealthily obtain text messages, call logs, phone call recordings, photos, ambient recordings from the phone’s microphone, location data and even social media activity.
According to TechCrunch, WebDetetive has been used to compromise more than 76,000 Android phones in recent years across South America, largely in Brazil.
Like most spyware/stalkerware solutions, the app can only be “sideloaded” manually onto the target device. These apps are typically used by jealous types looking to spy on their spouses, and Google and Apple refuse to host such products in their respective app stores.
Bitdefender Mobile Security for Android can detect the presence of spyware and other threats on your device.
Spyware vendors typically have weak defenses against targeted attacks, making their already-shady practice even more dangerous when hackers compromise their networks.
In June, LetMeSpy, which provided monitoring software for Android devices, issued a security notice to inform customers that a hacker had broken into its servers and stolen sensitive data.
Researcher Maia Arson Crimew examined the stolen database and noted that LetMeSpy's users included government workers and even workers at a rival company. In the wake of June’s hack, LetMeSpy announced it would cease operations on Aug. 31, 2023.