TechCrunch has learned that a consumer-grade spyware operation called SpyX was hit by a data breach last year. The breach shows that SpyX and two other related mobile apps held records on nearly 2 million people at the time of the breach, including thousands of Apple users.
The data breach dates back to June 2024 but has not been previously reported, and there is no indication that SpyX’s operators ever notified their customers or the people targeted by the spyware.
By our count, SpyX is the 25th mobile monitoring operation since 2017 known to have suffered a data breach, or to have otherwise leaked or exposed data, indicating that the consumer-grade spyware industry continues to expand and put people’s private data at risk.
The breach is also a rare case showing that stalkerware like SpyX can be targeted at Apple customers.
Troy Hunt, who runs the data breach notification website Have I Been Pwned, received a copy of the breached data in the form of two text files, containing 1.97 million unique account records with associated email addresses.
Hunt said the vast majority of the email addresses are associated with SpyX. The cache also includes fewer than 300,000 email addresses associated with two near-identical clones of the SpyX app, called MSafely and SpyPhone.
Hunt said about 40% of the email addresses were already in Have I Been Pwned.
As with previous spyware breaches, Hunt marked the SpyX data breach in Have I Been Pwned as “sensitive,” which allows only the person with an affected email address to see whether their information is part of this breach.
The operators behind SpyX did not respond to TechCrunch’s emails with questions about the breach, and a WhatsApp number listed on the SpyX website returned a message saying it was not registered with the messaging app.
Another spyware, another breach
SpyX is billed as mobile monitoring software for Android and Apple devices, ostensibly for granting parents control over their children’s phones.
Monitoring malware such as SpyX is also known as stalkerware (and spouseware), because operators sometimes explicitly promote their products as a way to monitor a spouse or domestic partner, which is illegal without that person’s knowledge. Even when operators do not explicitly promote this illegal use, the spyware apps have the same hidden data-theft capabilities.
Consumer-grade spyware, such as stalkerware, typically works in one of two ways.
Apps that work on Android devices, including SpyX, are usually downloaded from outside the official Google Play app store, and require someone with physical access to the victim’s device (usually with knowledge of its passcode) to weaken its security settings and plant the spyware.
Apple has stricter rules on which apps can be in the App Store and run on iPhones and iPads, so stalkerware usually works from a copy of the device’s backup found on Apple’s cloud storage service, iCloud. With a person’s iCloud credentials, stalkerware can download the victim’s latest backup directly from Apple’s servers. iCloud backups store most of a person’s device data, including messages, photos, and app data.
According to Hunt, one of the two files mentioned iCloud in its file name and contained about 17,000 distinct sets of plaintext Apple account usernames and passwords.
Since the iCloud credentials in the breached cache clearly belong to Apple customers, Hunt sought to confirm the authenticity of the data by contacting Have I Been Pwned subscribers whose Apple account email addresses and passwords were found in the data. Hunt said several people confirmed that the information he provided was accurate.
Given the potential for ongoing risk to victims whose account credentials remain valid, Hunt provided the list of breached iCloud credentials to Apple before publication. Apple did not comment when reached by TechCrunch.
As for the remaining email addresses and passwords in the text files, it is not clear whether these are working credentials for any service other than SpyX and its clone apps.
Meanwhile, Google removed a Chrome extension linked to the SpyX campaign.
“The Chrome Web Store and Google Play Store policies clearly prohibit malicious code, spyware and stalkerware, and if we find a violation, we take appropriate measures. If users suspect that their Google account has been compromised, they should take the recommended steps to secure it immediately,” Google spokesman Ed Fernandez told TechCrunch.
How to find SpyX
TechCrunch has a guide to removing spyware for Android users that can help you identify and remove common phone monitoring apps. Remember to have a safety plan in place, given that switching off the app may alert the person who planted it.
For Android users, switching on Google Play Protect is a useful security feature that can help protect against Android malware, including unwanted phone surveillance apps. If it is not already enabled, you can enable it from the Google Play app’s settings.
Google accounts are better protected with two-factor authentication, which can better guard against account and data intrusion. You should also know what steps to take if your Google account is compromised.
iPhone and iPad users can check for and remove any devices from their account that they do not recognize. You should make sure your Apple account uses a long and unique password (ideally saved in a password manager) and that your account also has two-factor authentication turned on. If you think someone might have physically compromised your device, you should also change your iPhone or iPad passcode.
If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides free, confidential support for victims of domestic abuse and violence. If you are in an emergency, call 911. The Coalition Against Stalkerware has resources if you think your phone has been compromised by spyware.