Scroll Top

Spyhide Stalkerware exposes over 60,000 phones worldwide

conceito-spyware has uncovered a major cybersecurity threat in the form of Spyhide, a stalkerware app that has compromised tens of thousands of Android devices since its inception in 2016. Developed in Iran, this stealthy spyware collects private data from victims’ phones, including contacts, messages, photos, call logs, recordings, and real-time location information. Stalkerware apps like Spyhide are illicitly installed on victims’ phones, often by individuals with knowledge of the phone’s passcode, making them difficult to detect and remove. These apps pose serious risks, as they can leak victims’ private data, exposing them to potential harm.

Latest discovery exposes spyhide’s operations
Switzerland-based hacker maia arson crimew recently disclosed that Spyhide inadvertently exposed a portion of its development environment, enabling access to the source code of the web-based dashboard used by abusers to view stolen phone data. Exploiting this vulnerability, crimew accessed the back-end databases, revealing the inner workings of this secretive spyware operation and its suspected administrators.

Stolen phone data reveals global surveillance network
Analysis of Spyhide’s database revealed detailed records of approximately 60,000 compromised Android devices dating back to 2016 until mid-July. These records include years’ worth of call logs, text messages, location history, and more. The surveillance network extends across all continents, with significant clusters of victims in Europe and Brazil. Notably, the United States has over 3,100 compromised devices, making some U.S. victims among the most surveilled on the network in terms of location data alone. Astonishingly, one U.S. device had uploaded over 100,000 location data points.

User accounts and compromised devices
Spyhide’s database contained records on 750,000 users who signed up to the service intending to plant the spyware app on victims’ devices. While this suggests a concerning interest in surveillance, most of these users did not follow through with compromising a phone or paying for the spyware. However, more than 4,000 users were in control of more than one compromised device, and a smaller number had control over dozens of compromised devices.

Exposed data includes highly personal information
The stolen data encompassed 3.29 million text messages, including sensitive information like two-factor codes and password reset links. Additionally, the database contained more than 1.2 million call logs, over 312,000 call recording files, about 925,000 contact lists with names and phone numbers, and details on 382,000 photos and images. Shockingly, close to 6,000 ambient recordings had been surreptitiously recorded from victims’ phone microphones.

Spyhide’s origin and hosting
Spyhide’s website does not reveal information about its operators or origin, as is common with spyware to evade legal and reputational risks. However, the exposed source code contained the names of two Iranian developers who profit from the operation. Attempts to contact the developers for comment remained unanswered. While stalkerware apps are banned from Google’s app store, users are forced to download Spyhide directly from the website. The app was observed sending data to a server hosted by German web hosting provider Hetzner, despite Hetzner stating they do not allow the hosting of spyware.

Protecting yourself from stalkerware
As stalkerware apps often masquerade as ordinary Android apps or processes, detecting them can be challenging. Spyhide, for instance, disguises itself as a Google-themed app called “Google Settings” or a ringtone app called “T.Ringtone.” To protect against malicious apps, Android users can check their installed apps through the settings menu and enable Google Play Protect. urges users to remain vigilant and protect their privacy by taking these precautionary measures against stalkerware and spyware threats.

Related Posts

Leave a comment

You must be logged in to post a comment.
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.