This nasty stalkerware was found spying on tens of thousands of phones
Some Android devices have been sending stalkerware logs for years
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Thousands of Android devices have been sending real-time information about contacts, messages, photos, call logs and recordings, and granular location to an Iranian stalkerware company since 2016.
An investigation by Switzerland-based hackermaia arson crimew, has revealed that an Iranian software company that goes by the name ‘virsys’ or ‘virsis’ is to blame.
Having providedTechCrunchwith a copy of Spyhide’s text-only database, the publication has now revealed the extent of the attacks, with an estimated 60,000 Android devices thought to have been affected.
Spyhide stalkerware
More than 100,000 location data points had been identified as being uploaded from a single US-based device, with over 3,000 more US devices also contributing to the data logs.
Other regions that have been clear target for the stalkerware maker have included parts of central and eastern Europe, the UK, and Brazil. A considerable number of Indonesian uploads were also identified.
These are the best privacy tools and anonymous browsers>Google Play reveals major crack down on app store malware>These Samsung phone flaws have been exploited by spyware
While it is reported that more than 4,000 users were responsible for more than one device, with a handful of individuals responsible for dozens of devices, considerably reducing the number of affected victims, the extent of the operation remains sizeable.
Around 3.3 million text messages containing personal information like two-factor authentication (2FA) codes and password reset links were found, alongside 1.2 million call logs containing the receiver’s phone number and 312,000 call recording files.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Other information, such as 925,000 contact lists, 382,000 photos and images, and an alarming 6,000 ambient recordings from victims’ devices, were also identified byTechCrunch.
Because the app is downloaded from Spyhide’s website rather than thePlay Store,Googleisn’t to blame for allowing the app on its platform, however enabling Google Play Protect goes some of the way to protecting users from such stalkerware andmalware.
Neither of the two Iranian developers, Mostafa M and Mohammad A, have responded toTechCrunch’s emails, however Mohammad A claimed only to have briefly been involved in the project as a contractor around eight years ago in an email to maia arson crimew.
German web hosting provider Hetzner, identified byTechCrunchas the server host for data Spyhide data logs, told the publication that it does not allow the hosting of spyware.
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
Best CDN provider of 2024
Google’s new AI video maker for businesses is now available on Workspace
Nokia confirms data breach leaked third-party code, but its data is safe
