Catwatchful spyware disguises itself as a monitoring app, stealing personal information from tens of thousands of people.
Android phone users, please be cautious. When downloading apps on your phone, make sure the app does not contain hidden spyware!
According to TechCrunch, cybersecurity researcher Eric Daigle discovered an Android spyware app named 'Catwatchful'. It disguises itself as a parental control app and claims to be invisible and undetectable, but it actually uploads the victim's private content from their phone to a dashboard for the spyware developer to view.
Catwatchful software can steal victims' photos, messages, and real-time location data, and even remotely activate the phone's microphone to record audio and access images taken by the front and rear cameras.
Software like Catwatchful is typically banned from major app stores and must be installed via direct download, which requires someone to physically access the victim's phone to implant it. For that reason it is often referred to as 'stalkerware' or 'spouseware', used for illegal monitoring of spouses or partners.
In other words, many people risk downloading an illegal app to monitor friends and family, only to find themselves being monitored by others.
Database data from early June to now shows that Catwatchful has captured over 62,000 customers' email addresses and passwords, as well as data from 26,000 victims' phones. Victims are primarily located in countries such as Mexico, Colombia, India, Peru, Argentina, Ecuador, and Bolivia.
Catwatchful spyware is powerful enough to reveal even the developer's identity.
Cybersecurity researcher Daigle discovered the Catwatchful software due to an interesting security vulnerability.
He stated that the customized API used by Catwatchful lacks authentication mechanisms, allowing anyone to interact with the software's user database online and access the entire customer database's email addresses and passwords without logging in.
It was then that he discovered that the personal data database stolen by Catwatchful accidentally exposed the developer's identity.
Due to operational security lapses, the software's administrator Omar Soca Charcov (a developer residing in Uruguay) has been identified by researchers. Charcov's personal information is listed as the first record in the database, including full name, phone number, and the Firebase instance URL where data is stored.
TechCrunch points out that Catwatchful uses Google's Firebase platform to host and store stolen data from victims' phones, including photos and environmental recordings. The media has provided relevant information to Google, but as of the time of publication, Catwatchful is still operational on Firebase.
Catwatchful claims it cannot be uninstalled, but it can be detected with special codes.
Although Catwatchful claims to be 'uninstallable', there are still ways to detect and remove the app.
TechCrunch states that Android users can enter '543210' in the phone dialer interface and press the dial key. If Catwatchful is installed, the app will appear on the screen.
However, experts also remind users to develop a safety plan before removing the spyware, as disabling the spyware may alert the developer. It is advisable to seek assistance from the Coalition Against Stalkerware.
How can Android users check if spyware is installed?
According to TechCrunch, users can follow these steps to determine whether they have installed spyware and how to remove it.
Step 1: Enable Google Play Protect.
First, ensure that Google Play Protect is enabled, which is one of the best defenses against malicious Android apps.
Step 2: Check accessibility service settings.
Next, check the 'Accessibility Service' settings, as spyware often abuses this function to gain deep access to device data. Users who do not use accessibility apps should not see any apps in this setting.
Step 3: Check notification access permissions.
Next, check 'Notification Access Permissions', as spyware may use this feature to continuously monitor notification content, including messages and other alerts. Users should disable notification access permissions for any unfamiliar apps.
Step 4: Check device administrator app settings.
Users can also check the 'Device Administrator Apps' settings, as this feature is often used by companies to remotely manage employee phones, but it may also be abused by spyware.
Most people's personal phones will not have device administrator apps, so if names like 'System Service', 'Device Health', etc., are found, special attention is needed.
Step 5: Check for unknown app icons.
Finally, remember to check the list of all installed apps for any unknown app icons that may have extensive access to calendar, call logs, camera, contacts, and location data.
After force-stopping these apps and uninstalling the spyware, it is recommended to strengthen the screen lock password and enable two-factor authentication (2FA) to protect the device.
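The checks in steps 2 to 5 can also be read out over adb and compared against the apps the owner recognises. The script below is an added example, not from TechCrunch or the original article; the allowlist, the sample value and the package name com.example.systemservice are constructed assumptions, and the live mode assumes USB debugging is enabled on the phone being checked.

```shell
#!/usr/bin/env bash
# Added example: read the settings from steps 2-5 over adb instead of the UI.
# ALLOWLIST and SAMPLE are assumptions/constructed, not taken from the article.

# Packages the phone's owner recognises and expects to hold these privileges.
ALLOWLIST="com.google.android.marvin.talkback com.google.android.gms"
# Constructed value in the format of enabled_accessibility_services.
SAMPLE="com.google.android.marvin.talkback/.TalkBackService:com.example.systemservice/.Watcher"

# Turn a colon-separated component list ("pkg/.Service:pkg2/.Other") into
# unique package names, one per line. An unset setting reads back as "null".
components_to_packages() {
  printf '%s\n' "$1" | tr ':' '\n' |
    sed -e 's|/.*||' -e '/^$/d' -e '/^null$/d' | sort -u
}

# Print each package from $1 (one per line) that is not on the allowlist.
unexpected_packages() {
  while IFS= read -r pkg; do
    [ -z "$pkg" ] && continue
    case " $ALLOWLIST " in
      *" $pkg "*) ;;                      # expected, skip
      *) printf '%s\n' "$pkg" ;;          # unfamiliar, report
    esac
  done <<EOF
$1
EOF
}

# $1 = label for the step, $2 = raw setting value as returned by adb.
audit_setting() {
  hits=$(unexpected_packages "$(components_to_packages "$2")")
  [ -n "$hits" ] && printf '%s\n' "$hits" | sed "s|^|[$1] review: |"
  return 0
}

if [ "${1:-}" = "live" ]; then   # needs USB debugging and an attached phone
  get() { adb shell settings get secure "$1" | tr -d '\r'; }
  audit_setting accessibility "$(get enabled_accessibility_services)"   # step 2
  audit_setting notifications "$(get enabled_notification_listeners)"   # step 3
  adb shell dumpsys device_policy | grep -i -A5 'Enabled Device Admins' # step 4
  adb shell pm list packages -3                # step 5: user-installed apps
else
  audit_setting accessibility "$SAMPLE"        # offline demo on SAMPLE
fi
```

Run it with the argument `live` to query an attached phone; the layout of the `dumpsys device_policy` output differs between Android versions, so read that section by eye.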
'Android phone users, beware! This spyware app is stealing account credentials, with tens of thousands of personal information stolen.' This article was first published in 'Crypto City'.