Google removes phone spyware illegally hosted on its servers

Google has shut down phone spyware operator Catwatchful, which was hosted on its servers. According to reports, the surveillance operator’s account was using the tech company’s servers to host and operate the monitoring software. The move to shut down the operation comes after several alerts to the firm.

A report by TechCrunch mentioned that the platform alerted the technology firm about the spyware operation. It was being hosted on Firebase, one of Google’s developer platforms. Catwatchful was using Firebase to host and store huge amounts of data stolen from thousands of phones compromised by the spyware.

“We’ve investigated these reported Firebase operations and suspended them for violating our terms of service,” Google spokesperson Ed Fernandez said.

Google says it has shut down Catwatchful

According to reports, Google did not explicitly state why it took about a month to investigate and suspend the Firebase account of the operation. In the company’s terms of use, Google prohibits its customers from hosting malicious software or spyware on its platforms. Since the company is for-profit, it has a commercial interest, retaining users who are interested in paying for its services.

Catwatchful was an Android-specific child monitoring application, but was built to also act as spyware to the user. Like other spyware applications, users need to physically install it on their phones by entering their passcode. These devices are also called stalkerware, as they can be used for non-consensual surveillance on romantic partners and spouses, which is illegal.

After the application is installed, it is designed to stay hidden from the home screen of the victim. In the background, it uploads several private files of the victims, including private messages, photos, location data, and other details to a web dashboard that can be viewed by the person who planted the application.

As of yesterday, Catwatchful is no longer functioning, and it does not appear to transmit or receive data, according to the spyware analysis carried out by TechCrunch.

Spyware operations involved in leaked data on the rise

Catwatchful first came into the limelight in the middle of June after security researcher Eric Daigle identified a security bug that exposed the spyware operations’ back-end database. The bug allows unauthenticated access to the database, meaning that users who want to access it do not need passwords or credentials. The database also contained more than 62,000 Catwatchful user email addresses, plaintext passwords, and records on about 26,000 victim devices compromised by the spyware.

The data also revealed the administrator behind the operation, showing that a Uruguay-based developer called Omar Soca Charcov is running the show. There is no clear indication that Charcov is aware of the security lapse or his plans for notifying affected individuals in the breach. However, a copy of the Catwatchful database has been provided to the data breach notification service Have I Been Pwned.

Catwatchful is the latest in a long list of surveillance platforms that have suffered breaches in the last few years. Most of these operations and platforms suffer from these breaches due to coding or poor cybersecurity practices. According to reports, Catwatchful is the fifth spyware operation, since the beginning of the year, to have spilled user data and the most recent in about 24 known spyware operations since 2017.

Users who feel they may run the risk of being exposed as a result of using the Catwatchful spyware app need to do something about it. Android users can also identify if the spyware app is installed on any of their devices, even if the app is hidden, by dialing 543210 into their Android phone and pressing the call button. Users are also advised to have a safety plan in place before removing spyware from their phones.

KEY Difference Wire: the secret tool crypto projects use to get guaranteed media coverage