A report from TechCrunch reveals that Portuguese-language spyware called WebDetetive has compromised over 76,000 Android devices, predominantly in Brazil. However, white hat hackers claim to have deleted user data from its servers, potentially helping thousands.
The report states that unnamed hackers discovered and exploited vulnerabilities in WebDetetive’s servers. By hacking the spyware company’s web dashboard, the hackers accessed user databases and downloaded records, including customer emails.
Stalkerware Sends User Data to a Central Server Without Consent
According to the report, the dashboard hack also allowed the white hat hackers to sever connections between victims’ devices and WebDetetive’s servers. The hackers claimed this prevented devices from sending new data to WebDetetive.
WebDetetive is a type of software called “stalkerware,” a subgroup of spyware that is usually put on victims’ phones without their consent. The installer is usually a partner or spouse who suspects infidelity, but the reasons can be even more sinister.
Spyware is also incredibly popular among government spy agencies for surveillance purposes. By compromising WebDetetive’s servers, the hackers have potentially saved thousands from having their data stolen.
The hackers provided TechCrunch with a 1.5GB cache of data stolen from WebDetetive’s dashboard. The publication verified the authenticity of some device identifiers in the cache by matching them to endpoints on WebDetetive’s servers.
However, the outlet was not able to independently confirm that the hackers deleted user data, as claimed. In a note seen by TechCrunch, the hackers wrote:
“Which we definitely did. Because we could. Because #fuckstalkerware.”
Per the report, the cache contained information about WebDetetive customers and details on each compromised device. However, it did not include any contents taken from victims’ phones.
TechCrunch indicates the data showed WebDetetive had impacted 76,794 devices and contained info on over 74,000 unique customer emails. The report notes the stalkerware does not verify customer emails.
WebDetetive Linked to Another Spy App
WebDetetive also appears to be connected to another spyware app called OwnSpy, developed in Spain. TechCrunch’s analysis found WebDetetive’s Android app contains largely recycled OwnSpy code.
Portions of OwnSpy’s infrastructure reportedly went offline shortly after TechCrunch contacted its developer.
However, white hat hacking such as this can have unintended consequences. Severing connections without warning could unintentionally alert the abusers who installed the spyware. This, in turn, could put victims in further danger.
Source: https://beincrypto.com/hackers-break-into-stalkerware-webdetetive/