• WarmSoda@lemm.ee
    link
    fedilink
    English
    arrow-up
    33
    ·
    1 year ago

    The hackers said that dashboard access also allowed them to delete victim devices from the spyware network altogether, effectively severing the connection at the server level to prevent the device from uploading new data. “Which we definitely did. Because we could. Because #fuckstalkerware,” the hackers wrote in the note.

    The world needs more digital vigilantes

    • Apathy Tree@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      1
      ·
      1 year ago

      This could actually lead to negative outcomes for victims, if their attacker/stalker gets a notification that the connection is broken (the article also mentions this toward the end).

      So while yes, it needs to be done safely.

  • gullible@kbin.social
    link
    fedilink
    arrow-up
    14
    ·
    1 year ago

    Once planted, the app changes its icon on the phone’s home screen, making the spyware difficult to detect and remove. WebDetetive then immediately begins stealthily uploading the contents of a person’s phone to its servers, including their messages, call logs, phone call recordings, photos, ambient recordings from the phone’s microphone, social media apps, and real-time precise location data.

    Leaving this information in servers accessible to anyone willing to put a few dozen hours into picking away at them is terrifyingly negligent. The market for this app is parents and significant others, people who traditionally care about you. At that point, you’ve already failed them and yourself.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    This is the best summary I could come up with:


    A Portuguese-language spyware called WebDetetive has been used to compromise more than 76,000 Android phones in recent years across South America, largely in Brazil.

    In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases.

    DDoSecrets, a nonprofit transparency collective that indexes leaked and exposed datasets in the public interest, received the WebDetetive data and shared it with TechCrunch for analysis.

    But while the breached data itself reveals few clues about WebDetetive’s administrators, much of its roots can be traced back to OwnSpy, another widely used phone spying app.

    We ran a network traffic analysis to understand what data was flowing in and out of the WebDetetive app, which found it was a largely repackaged copy of OwnSpy’s spyware.

    By TechCrunch’s count, at least a dozen spyware companies in recent years have exposed, spilled, or otherwise put victims’ stolen phone data at risk of further compromise because of shoddy coding and easily exploitable security vulnerabilities.


    The original article contains 1,244 words, the summary contains 175 words. Saved 86%. I’m a bot and I’m open source!