Did you know Secret Phone Surveillance Apps Are Stealing Data Are You a Target?

 

Stalkerware Spyzie was shown to compromise up to 500,000 Android and iPhone devices as per data shared by a recent security researcher. Despite little being known about it, the fact that its threat is so huge is significant for obvious reasons.

While the majority of device owners were unknown, likely, they’re not aware of phone data getting stalked and devices being compromised, the study adds.

As per the security researcher, it’s vulnerable to a similar bug discussed in the past called Cocospy and Spyic. They are nearly identical but different stalkerware platforms that share similar source codes and expose information of nearly two million individuals.

The bug enables anyone to get access to phone information such as images, photos, and location that are transferred from one device to the next. It can also expose email IDs of every client that signed up for the service, so that it compromises the next individual as per the researcher.

We similarly saw the expert exploit this bug to get up to 518,643 email IDs with caches of the addresses. Therefore, such a leak is proof that consumer phone surveillance platforms continue to reign even if they are on a small-scale operation.

Remember, Spyzie has little to no online presence and is mostly banned by Android maker Google for running ads across search. Yet, the astonishing fact here is that they’ve amassed thousands of paying clients.

As a whole, Spyic, Spyzie, and Cocospy are used by nearly 3 million people. Meanwhile, the leak proved how flaws inside these stalkerware apps continue to be more common and put data at serious risk. This is even in those cases where parents want to use platforms for child monitoring purposes. Now that is legal but they’re putting the data belonging to kids at risk of hacking attempts.

Today, Spyzie stands at number 24 since its launch in 2017, where it was hacked or leaked or exposed to sensitive material due to poor security. And from what we can confirm by now from TechCrunch, the bug is yet to be fixed.

Apps such as these are created to remain disguised from the homepage, making it all the more difficult to identify who is the victim. All this time, the apps continue to upload content from victims’ phones towards the spyware servers and are accessible to the person who planted this platform.

A copy of this data was shared by the security expert with TechCrunch, displaying how most victims had Android devices and their phones were physically accessed to plant the app. This is usually by a person having knowledge of the individual’s device passcode.

This is one major reason why the apps are usually used in the context of abusive relations where people often know the passcodes for their partner’s device. As per the data shared, Spyzie was used to compromise around 4900 phones and devices.

Apple now has more stringent regulations about which platforms run on these devices, so stalkerware usually taps into the victim’s information stored inside the Cloud on Apple through the victim’s credentials instead of the actual phone.

Some of the earliest compromised iPhones date back to February of 2020 and July 2024.

So how can users remain safe is the question that most of us are wondering. As per experts, you need to have a safety pin in place because when the spyware goes off, it alerts the attacker that planted it.

Users rely on the victim’s username and password to access the information stored on the iCloud account. You need to ensure the account makes use of 2FA, which is crucial against account hacking attempts and a primary means to target user data. You can also check and get rid of devices linked to Apple Accounts that you cannot recognize.