A Flaw in Catwatchful Spyware Exposed Logins of +62,000 Users

Security researcher Eric Daigle has exposed a massive data leak from the Catwatchful spyware app. A flaw in the spyware's backend revealed the email addresses and plaintext passwords of more than 62,000 customers, turning a tool built to stay invisible on a victim's phone into a security risk for its operators and their targets alike.

About Catwatchful Spyware

Catwatchful masquerades as a child monitoring app but is actually a sophisticated spyware that uploads the victim's phone contents to a dashboard viewable by the person who installed it. The app can remotely tap into live ambient audio, access camera feeds, and even steal sensitive photos and messages.

The Flaw: A SQL Injection Vulnerability

Security researcher Eric Daigle discovered a critical SQL injection flaw in the custom API that fronts Catwatchful's backend database. The unsanitised query allowed him to dump the operator database: plaintext logins and passwords for 62,000 accounts, together with the records linking each customer to the victim devices they monitor. Because the passwords were stored in the clear, the dump did more than expose the victims' phone contents already held in the spyware's Firebase storage: anyone holding it could log into any customer's dashboard and take over the surveillance of that customer's targets.
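The two defects described above, injectable SQL and plaintext password storage, are shown here side by side with their fixes. This is an added illustration written for this article, not Catwatchful's code: the table layout, the sample accounts and the shape of the lookup query are constructed assumptions, and the only things taken from the disclosure are the two weaknesses themselves.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts for the demo; these are not real customers.
SAMPLE_USERS = [
    ("alice@example.com", "hunter2"),
    ("bob@example.com", "letmein"),
]

# Attacker-supplied "email" that closes the quoted literal and appends a
# tautology, so the WHERE clause matches every row.
INJECTION = "x' OR '1'='1"


def make_plaintext_db():
    """Backend as described in the article: passwords stored in the clear."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return con


def vulnerable_lookup(con, email):
    """Hypothetical API handler: user input is spliced into the SQL text.

    With INJECTION as input the statement becomes
    SELECT email, password FROM users WHERE email = 'x' OR '1'='1'
    and returns the whole table, passwords included.
    """
    sql = f"SELECT email, password FROM users WHERE email = '{email}'"
    return con.execute(sql).fetchall()


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; 600k iterations follows current OWASP guidance."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + "$" + digest.hex()


def verify_password(stored, candidate):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    recomputed = hash_password(candidate, bytes.fromhex(salt_hex)).split("$")[1]
    return hmac.compare_digest(recomputed, digest_hex)


def make_hardened_db():
    """Same data, but only salted hashes are written to the table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(email, hash_password(pw)) for email, pw in SAMPLE_USERS],
    )
    return con


def safe_lookup(con, email):
    """Parameterised query: the input is bound as data, never parsed as SQL."""
    return con.execute(
        "SELECT email FROM users WHERE email = ?", (email,)
    ).fetchall()


def safe_login(con, email, password):
    """Bound parameter plus hash verification; injection input simply matches nothing."""
    row = con.execute(
        "SELECT password_hash FROM users WHERE email = ?", (email,)
    ).fetchone()
    return bool(row) and verify_password(row[0], password)


if __name__ == "__main__":
    leaked = vulnerable_lookup(make_plaintext_db(), INJECTION)
    print("vulnerable endpoint returned", len(leaked), "rows with plaintext passwords")
    hardened = make_hardened_db()
    print("hardened endpoint returned", len(safe_lookup(hardened, INJECTION)), "rows")
    print("login with real password:", safe_login(hardened, "alice@example.com", "hunter2"))
```

Both fixes matter independently: the bound parameter stops the table dump, and the hashing means that if the table leaks anyway (through a backup, a misconfigured bucket or another bug) the attacker gets no credentials usable against the dashboard.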

The Stolen Data

According to Daigle's findings, the stolen data includes:

  • Email addresses and plaintext passwords for more than 62,000 customer accounts
  • Phone data uploaded from about 26,000 victim devices
  • Sensitive photos and messages taken from those devices

The Victims: Mostly in Latin America

Most Catwatchful victims were located in Latin America, with Mexico and Colombia the most affected, and a further cluster in India. Some of the stolen data dated back to 2018.

Consequences and Investigations

TechCrunch, which reported the leak, shared the data with Have I Been Pwned, the breach-notification service that lets people check whether their email address appears in a dump. The incident is another reminder that consumer-grade spyware is typically built with little regard for security, so the people who deploy it and the people it targets end up exposed by the same bug.

The Admin: Omar Soca Charcov from Uruguay

According to the leaked database, Catwatchful's administrator is Omar Soca Charcov from Uruguay. He did not respond to requests for comment.

What Can You Do?

If you suspect Catwatchful is installed on your Android phone, dial "543210" from the phone's dialer: the app hides itself by default, and this code brings it back on screen so it can be uninstalled. Apps of this kind are banned from the official app stores because they are designed for non-consensual surveillance, so a legitimate copy will never arrive through Google Play.

Stay Safe Online

As with any security incident, stay vigilant and take basic precautions to protect your digital identity. Follow reputable outlets such as TechCrunch and established security researchers to keep up with the latest threats.