Android Spyware Network Harvests Data from 400,000 Phones Worldwide: Report


A security vulnerability in one of the biggest consumer-grade spyware operations today is putting at risk the private phone data of about 400,000 people, a number that’s growing daily.

The operation, identified by TechCrunch, is run by a small crew of developers in Vietnam, who have yet to fix the security issue.

“On the front line of the operation is a collection of white-label Android spyware apps that continuously collect the contents of a person’s phone, each with custom branding, and fronted by identical websites with U.S. corporate personas that offer cover by obfuscating links to its true operator,” reads the report.

“Behind the apps is a server infrastructure controlled by the operator, which is known to TechCrunch as a Vietnam-based company called 1Byte.”

TechCrunch found nine nearly identical spyware apps that presented with distinctly different branding, some with more obscure names than others: Copy9, MxSpy, TheTruthSpy, iSpyoo, SecondClone, TheSpyApp, ExactSpy, FoneTracker and GuestSpy.

These nine apps have practically identical features. Once installed, they give the person who planted the spyware access to a web dashboard for viewing the user’s device in real time: messages, contacts, location, photos and more. And when TechCrunch analyzed the apps’ network traffic, it found that the apps all contact the same server infrastructure.

Android users affected include those in the United States, Brazil, Indonesia, India, Jamaica, the Philippines, South Africa and Russia so far.

Despite the growing threat posed by consumer-grade spyware in recent years, authorities have been hamstrung by legal and technical challenges in their efforts to tackle spyware operations.