- Catwatchful data leakage affects 62,000 victims, including 26,000 victims’ phone data
- The Dodgy -Developer increased itself by reusing an E -Mail address
- Google has committed to warn users of the app
Security scientist Eric Daigle has revealed information about a serious data violation affecting Catwatchful, an Android Spyware app that is disguised as a child monitoring tool.
A complete user database with plaintext -password and e -mail addresses affecting over 62,000 users is leaked as a result, with telephone data such as messages, photos, location, microphone and camera codes that also put 26,000 victims at risk.
According to the report, the spyware app runs in Stealth mode hidden from users, collects and uploads information.
Catwatchful -App is full of spyware
As is typical of stalkerware like this, Catwatchful is an app that operates outside the Play Store that requires physical installation via a process known as sideloading.
The app administrator, Uruguay-based developer Omar Soca Charcov, has been exposed to because the email he used for catwatchful had been reused on LinkedIn.
Daigle also noted that Charcov’s Admin account was the first item in the violated database, with the recovery of password linked to his personal E -mail address.
The data was stored on Google Firebase, sent via a custom API that was unauthorized, resulting in open access to user and sacrificial data. The report also confirms that although hosting had originally been suspended by Hostgator, it had been restored via another temporary domain.
Most affected devices affect users in Mexico, Colombia, India, Peru, Argentina, Ecuador and Bolivia.
Daigle was able to utilize a SQL injection vulnerability to access the database, which led him to conclude that Firebase was not the source of vulnerability, but rather API.
Google has been notified and even though the app has not been distributed in the Play Store, the company has added Google Play Protect Alerts for Catwatchful.
To remain protected from threats like this, it is important to use the best antivirus software, reliable tools for removing malware and strong endpoint protection.
Even known apps and tools may have shortcomings, so running entrusted security software and keeping all the apps current helps reduce the risk of malware sliding through unnoticed.
