Hackers attacked the makers of a popular mobile spyware tool, destroying all the data the company collected on its victims and exposing the malicious actors who paid for the spyware service.
A report by TechCrunch, briefed by DDoSecrets, a non-profit transparency group that documents data leaks, looked into a large database (1.5GB in size) received from an unnamed group of hackers, who claimed the database came from WebDetetive, a mobile spyware app created for the Portuguese-speaking community.
Most of the victims were reportedly in Brazil.
Flipping the script
The hackers told DDoSecrets that they found multiple vulnerabilities in WebDetetive’s infrastructure and endpoints that allowed them to access the database. While inside, they discovered that an estimated 76,000 Android devices were victims of spyware, which harvested all kinds of private and sensitive information.
However, instead of stealing victims’ data and posting it online, the group purged the victims’ devices from the spyware network, rendering the spyware on them unusable. Infected devices were no longer able to send new data to the spyware server. The group said they did it “because we could”. They also generated a different database (the one shared with DDoSecrets) and filled it with information about people using WebDetetive’s services.
The data included customers’ IP addresses and purchase history. It also included all devices infected by each customer, the spyware version installed, and the type of data stolen.
Spyware or stalkerware apps are not available in official app stores, such as the Play Store or App Store. They can be obtained from third-party stores and other places on the Internet, and they allow buyers to install an almost invisible app on the victim’s device and collect information about calls, text messages, photos and videos, GPS data and more.