AT2k Design BBS Message Area
From: VRSS
To: All
Subject: Data Breach Reveals Catwatchful 'Stalkerware' Is Spying On Thous
Date/Time: July 2, 2025 10:40 PM

Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: Data Breach Reveals Catwatchful 'Stalkerware' Is Spying On Thousands of Phones

Link: https://yro.slashdot.org/story/25/07/03/0023253/data-breach-reveals-catwatchful-stalkerware-is-spying-on-thousands-of-phones?utm_source=rss1.0mainlinkanon&utm_medium=feed

An anonymous reader quotes a report from TechCrunch: A security vulnerability
in a stealthy Android spyware operation called Catwatchful has exposed
thousands of its customers, including its administrator. The bug, which was
discovered by security researcher Eric Daigle, spilled the spyware app's full
database of email addresses and plaintext passwords that Catwatchful
customers use to access the data stolen from the phones of their victims.
[...] According to a copy of the database from early June, which TechCrunch
has seen, Catwatchful had email addresses and passwords on more than 62,000
customers and the phone data from 26,000 victims' devices. Most of the
compromised devices were located in Mexico, Colombia, India, Peru, Argentina,
Ecuador, and Bolivia (in order of the number of victims). Some of the records
date back to 2018, the data shows. The Catwatchful database also revealed the
identity of the spyware operation's administrator, Omar Soca Charcov, a
developer based in Uruguay. Charcov opened our emails, but did not respond to
our requests for comment sent in both English and Spanish. TechCrunch asked
if he was aware of the Catwatchful data breach, and if he plans to disclose
the incident to its customers. Without any clear indication that Charcov will
disclose the incident, TechCrunch provided a copy of the Catwatchful database
to data breach notification service Have I Been Pwned. The stalkerware
operation uses a custom API and Google's Firebase to collect and store
victims' stolen data, including photos and audio recordings. According to
Daigle, the API was left unauthenticated, exposing sensitive user data such
as email addresses and passwords. The hosting provider temporarily suspended
the spyware after TechCrunch disclosed this vulnerability but it returned
later on HostGator. Despite being notified, Google has yet to take down the
Firebase instance but updated Google Play Protect to detect Catwatchful.
While Catwatchful claims it "cannot be uninstalled," you can dial "543210"
and press the call button on your Android phone to reveal the hidden app. As
for its removal, TechCrunch has a general how-to guide for removing Android
spyware that could be helpful.
