A security vulnerability in the surreptitious Android spyware process called Catwatchful has revealed thousands of its customers, including its official.
The Bug, which was discovered by Eric Daigle, has poured the full database of the Spyware app for email addresses and the ordinary text passwords used by the effects of effects to access the data stolen from their victims’ phones.
Catwatchful is the disguise of spyware as the child’s monitoring application that claims to be “invisible and not discovered”, all during downloading the contents of the victim’s private phone to a dashboard that can be displayed by the person who planted the application. The stolen data includes pictures of victims, messages and site data in actual time. The application can also take advantage of a dimension in the direct ocean sound from the phone microphone and access the front and rear cameras.
Spyware applications such as Catwatchful are banned from application stores and rely on downloading and planting them by a person with physical access to the person’s phone. As such, these applications are indicated commonly “Al -Mazzad Tools” (or Souseware) For them to facilitate non -consensual monitoring of romantic couples and partners, which is illegal.
Catwatchful is the latest example of an increasing list of hacked, violated or exposed chasers, which is At least the fifth spyware process this year To experience data spill. The incident shows that consumer spyware is still multiplying, although they are vulnerable to the poor coding and safety that offer both customers and victims reassured to data violations.
According to a copy of the database from early June, which was witnessed by Techcrunch, Catwatchfl had email addresses and passwords on more than 62,000 customers and phone data from 26,000 victims.
Most of the devices that were hacked in Mexico, Colombia, India, Peru, Argentina, Ecuador and Bolivia (according to the number of victims) were. Some records go back to 2018, as data appear.
The Catwatchful database also revealed the identity of the spyware operation, Omar Charcov, a developer in Uruguay. Charcov opened our emails, but it did not respond to our requests for comment sent in both English and Spanish. Techcrunch asked if he was aware of the amazing violation of the data, and if he intends to reveal the accident to his customers.
Without any clear indication until Charchov will reveal the accident, Techcrunch presented a copy of the database filled with a database notification service Have you pwned?.
CATWANDANATHING Hosting Spyware Data on Google Services
Diegel, security researcher in Canada He previously achieved violations of the chaser toolsDetailing its results in a Blog post.
According to Daigle, Catwatchful uses a specially made application programming interface, on which each one of the planted Android applications to communicate with data to Catwatchful servers. The Spyware program is also used by Google, which is a platform for developing web and mobile phones, to host and store the stolen phone data of the victim, including its photos and surrounding sound recordings.
Daigle Techcrunch was told that the application programming interface was not coincidental, allowing anyone on the Internet to interact with the threatened user database without the need to log in, which revealed the entire Catwatchful database for email addresses and passwords.
When connecting to Techcrunch, the web company that hosts the Catwatchful applications interface has stopped the spyware developer account, and briefly prevents spyware from operating, but the application programming interface later returned to Hostgator. HostGator, Christine Andrews, did not respond to the requests for comment on the company that hosts Spyware.
Techcrunch confirmed that Catwatchful uses Firebase by downloading and installing spyware filled with the virtual Android device, which allows us to run spyware in an isolated sand box without giving it any real data, such as our website.
We examined the traffic traffic that flows inside and outside the device, which showed data from downloading the phone to a specific Firebase used by Catwatchful to host the stolen victim data.
After providing Techcrunch Google with copies of exciting harmful programs, Google said it added new protection to Google Play ProtectA safety tool that wipes Android phones for harmful applications, such as spyware. Now, Google Play Protect will alert users when he discovers sedative or installed spyware on the user’s phone.
Techcrunch Google also provided details of Firebase, which involves storing data for sedative operation. In response to a question about whether the demands process violated the Firebase service conditions, Google Techcrunch on June 25 had been fulfilled, but it would not immediately abide by the process.
“All applications that use Firebase products must adhere to our service and policies. We check this particular problem, and if we find that the application is violating, the appropriate measures will be taken. Android users who try to install these applications protected with the protection of Google Play,” said Ed Fernandez, a Google spokesman.
As of publication, there are still vibrant residue on the Firebase base.
OPSEC error displays spyware official
Like many spyware, Catwatchful publicly does not include its owner or revealing those who manage the process. that it It is not uncommon for chaser and spyware operators hide their true identitiesIn view of the legal risks and reputation associated with facilitating illegal monitoring.
but Operating security MISHAP is presented in the Charcov data collection as an official of the process.
The Catwatchful Charcov database reviews as the first record in one of the files in the data set. (In violations of previous spyware, some operators were identified through early records in the database, often developers test the spyware product on their own devices.)
The data collection included the full name of Chaarcov, phone number and the specified Firebase’s web address where the Catwatchful database is stored on Google servers.
Jarkov’s personal email address, located in the data collection, is the same email that it looked on on his LinkedIn page, which has been appointed since then on a special. Charcov has also created his email address of his advanced official as the password recovery address at his personal email account in the event of his imprisonment, which connects Charcov directly to the exciting process of monitoring.
How to remove common spyware
Although the joint allegations “cannot be canceled”, there are ways to detect the application and remove it from an affected device.
Before you start, it is important to have you The safety plan is in placeAnd spyware can also be disabled can alert the person who planted them. the The alliance against the tools of the chaser He does an important job in this field and has resources to help victims and survivors.
Android users can discover Castwanding, even if it is hidden from the offer, by calling 543210 In your Android Phone keyboard, then hit the connection button. If Catwatchful is installed, the application should appear on your screen. This symbol is integrated Backdooor feature This allows those who planted the application to restore access to the settings as soon as the application is hidden. This symbol can also be used by anyone to see if the app is installed.
For the application, I have a file General Guidance Directory to remove Android spyware This can help you identify and remove common types of phone chanting tools, then enable the different settings you need to secure your Android device.
–
If you or anyone you know need help, then the hotline of national violence (1-800-799-7233) provides free support around the clock throughout the week for victims of home abuse and violence. If you are in an emergency, call 911. The alliance against the tools of the chaser It has resources if you think your phone may be at risk with spyware.
https://techcrunch.com/wp-content/uploads/2025/07/catwatchful-data-breach-exposed.jpg?resize=1200,823
Source link