TechCrunch has published a tool that lets Android users check whether their device contains stalkerware from TheTruthSpy. The data comes from TheTruthSpy's servers and includes the IMEI numbers of hundreds of thousands of Android users.
In early June, TechCrunch obtained cache files from TheTruthSpy's servers containing lists of IMEI numbers and advertising identifiers for Android devices that still had TheTruthSpy stalkerware apps installed in April. TheTruthSpy is a company that made headlines earlier this year, via TechCrunch, for selling commercially available software that can spy on users of smartphones and desktop computers. The software also contained a vulnerability that allowed user information to be retrieved from the servers without authentication. The website's editors then discovered that the company's stalkerware apps have affected at least 400,000 Android users.
Stalkerware can record GPS location, photos, web history, emails and chats, and keystrokes, among other things. TheTruthSpy released the stalkerware app under its own name, but also under other names such as Copy9, MxSpy, iSpyoo, SecondClone, TheSpyApp, ExactSpy, GuestSpy and FoneTracker. According to TechCrunch, all of these apps communicate with the same servers and the cache files for those servers are now in the hands of the website.
TechCrunch advises interested parties not to use the tool on a potentially infected device; the check must be performed from another device. Users enter the device's IMEI number or advertising ID into the online tool, which then checks whether that number appears in the cache files from TheTruthSpy's servers.
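A sketch of the kind of lookup described above, as an added example that is not TechCrunch's code: it validates an IMEI (Luhn check digit) or a UUID-style advertising ID before testing it against a list. The function names, the in-memory sets and the list format are assumptions, and the sample identifiers are constructed.

```python
import re
import uuid

# Constructed sample data standing in for the leaked lists; not real identifiers.
LISTED_IMEIS = {"350000000000006"}
LISTED_AD_IDS = {"00000000-1111-4222-8333-44444444aaaa"}


def luhn_valid(digits: str) -> bool:
    """The 15th digit of an IMEI is a Luhn check digit over the first 14."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def normalize(identifier: str):
    """Return (kind, canonical_value) or raise ValueError for unusable input."""
    text = identifier.strip()
    # IMEIs are often written with spaces, dashes or slashes between groups.
    compact = re.sub(r"[\s\-/]", "", text)
    if re.fullmatch(r"\d{15}", compact):
        if not luhn_valid(compact):
            raise ValueError("IMEI check digit does not match; re-enter it")
        return "imei", compact
    try:
        # Advertising IDs are UUIDs; str() yields the lowercase hyphenated form.
        return "ad_id", str(uuid.UUID(text))
    except ValueError:
        raise ValueError("expected a 15-digit IMEI or a UUID-style advertising ID") from None


def is_listed(identifier: str) -> bool:
    """True if the identifier appears in the (assumed) list for its kind."""
    kind, value = normalize(identifier)
    listed = LISTED_IMEIS if kind == "imei" else LISTED_AD_IDS
    return value in listed
```

Rejecting a mistyped IMEI instead of reporting "not found" matters here, because a typo would otherwise read as a clean result.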
If the tool indicates that an Android device is infected, the stalkerware app can be uninstalled, according to TechCrunch, by enabling Google Play Protect and checking accessibility settings for unknown services, then uninstalling them. TechCrunch also states that device supervisor on Android, and should be removed if necessary. Users should also check the Android app list for apps they don't recognize.
TheTruthSpy's stalkerware apps are usually installed surreptitiously on victims' devices, but the apps also contain an insecure direct object reference vulnerability, or IDOR for short. This allows hackers to retrieve the personal information of affected individuals from the servers without authentication. The vulnerability is tracked as CVE-2022-0732.