TechCrunch adds 50,000 new Android device identifiers to spyware lookup tool

A consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never fixed.

Now, two hacking groups have independently found the flaw that allows the mass access of victims’ stolen mobile device data directly from TheTruthSpy’s servers.

Switzerland-based hacker maia arson crimew said in a blog post that the hacking groups SiegedSec and ByteMeCrew identified and exploited the flaw in December 2023. Crimew, who was given a cache of TheTruthSpy’s victim data from ByteMeCrew, also described finding several new security vulnerabilities in TheTruthSpy’s software stack.

In a post on Telegram, SiegedSec and ByteMeCrew said they are not publicly releasing the breached data, given its highly sensitive nature.

Crimew provided TechCrunch with some of the breached TheTruthSpy data for verification and analysis, which included the unique device IMEI numbers and advertising IDs of tens of thousands of Android phones recently compromised by TheTruthSpy.

TechCrunch verified the new data is authentic by matching some of the IMEI numbers and advertising IDs against a list of previous devices known to be compromised by TheTruthSpy, as discovered during an earlier TechCrunch investigation.

The latest batch of data includes the Android device identifiers of every phone and tablet compromised by TheTruthSpy up to and including December 2023. The data shows TheTruthSpy continues to actively spy on large clusters of victims across Europe, India, Indonesia, the United States, the United Kingdom and elsewhere.

TechCrunch has added the latest unique identifiers — about 50,000 new Android devices — to our free spyware lookup tool that lets you check whether your Android device was compromised by TheTruthSpy.

Security bug in TheTruthSpy exposed victims’ device data

For a time, TheTruthSpy was one of the most prolific apps for facilitating secret mobile device surveillance.

TheTruthSpy is one of a fleet of near-identical Android spyware apps, including Copy9 and iSpyoo and others, which are stealthily planted on a person’s device by someone typically with knowledge of their passcode. These apps are called “stalkerware,” or “spouseware,” for their ability to illegally track and monitor people, often spouses, without their knowledge.

Apps like TheTruthSpy are designed to stay hidden on home screens, making these apps difficult to identify and remove, all the while continuously uploading the contents of a victim’s phone to a dashboard viewable by the abuser.

But while TheTruthSpy touted its powerful surveillance capabilities, the spyware operation paid little attention to the security of the data it was stealing.

As part of an investigation into consumer-grade spyware apps in February 2022, TechCrunch discovered that TheTruthSpy and its clone apps share a common vulnerability that exposes the victim’s phone data stored on TheTruthSpy’s servers. The bug is particularly damaging because it is extremely easy to exploit, and grants unfettered remote access to all of the data collected from a victim’s Android device, including their text messages, photos, call recordings and precise real-time location data.

But the operators behind TheTruthSpy never fixed the bug, leaving its victims exposed to having their data further compromised. Only limited information about the bug, known as CVE-2022-0732, was subsequently disclosed, and TechCrunch continues to withhold details of the bug due to the ongoing risk it poses to victims.

Given the simplicity of the bug, its public exploitation was only a matter of time.

TheTruthSpy linked to Vietnam-based startup, 1Byte

This is the latest in a streak of security incidents involving TheTruthSpy, and by extension the hundreds of thousands of people whose devices have been compromised and had their data stolen.

In June 2022, a source provided TechCrunch with leaked data containing records of every Android device ever compromised by TheTruthSpy. With no way to alert victims (and without potentially alerting their abusers), TechCrunch built a spyware lookup tool to allow anyone to check for themselves if their devices were compromised.

The lookup tool looks for matches against a list of IMEI numbers and advertising IDs known to have been compromised by TheTruthSpy and its clone apps. TechCrunch also has a guide on how to remove TheTruthSpy spyware — if it is safe to do so.

But TheTruthSpy’s poor security practices and leaky servers also helped to expose the real-world identities of the developers behind the operation, who had taken considerable efforts to conceal their identities.

TechCrunch later found that a Vietnam-based startup called 1Byte is behind TheTruthSpy. Our investigation found that 1Byte made millions of dollars over the years in proceeds from its spyware operation by funneling customer payments into Stripe and PayPal accounts set up under false American identities using fake U.S. passports, Social Security numbers and other forged documents.

Our investigation found that the false identities were linked to bank accounts in Vietnam run by 1Byte employees and its director, Van Thieu. At its peak, TheTruthSpy made over $2 million in customer payments.

PayPal and Stripe suspended the spyware maker’s accounts following recent inquiries from TechCrunch, as did the U.S.-based web hosting companies that 1Byte used to host the spyware operation’s infrastructure and store the vast banks of victims’ stolen phone data.

After the U.S. web hosts booted TheTruthSpy from their networks, the spyware operation is now hosted on servers in Moldova by a web host called AlexHost, run by Alexandru Scutaru, which claims a policy of ignoring U.S. copyright takedown requests.

Though hobbled and degraded, TheTruthSpy still actively facilitates surveillance on thousands of people, including Americans.

For as long as it remains online and operational, TheTruthSpy will threaten the security and privacy of its victims, past and present. Not just because of the spyware’s ability to invade a person’s digital life, but because TheTruthSpy cannot keep the data it steals from spilling onto the internet.

If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware has resources if you think your phone has been compromised by spyware.