Hackers Breach Brazilian Phone Spyware, Delete Victims’ Devices and Publish Scraped Dashboard Data
In an ironic turn of events, a Portuguese language phone spy appnamed WebDetetive was hacked by a group of unnamed hackers. At the time of the breach, the spyware had already been used to compromise over 76,000 devices, primarily in Brazil.
The hackers went on to delete victim devices from WebDetetive's network, essentially severing the connections at the server level. This means the devices will no longer be able to upload any data stolen by the spyware.
Scraped Dashboard Data, Including Customer Information Made Public by HackersThe hackers explained in an undated note that they had discovered and exploited multiple vulnerabilities, ultimately compromising the spyware maker's servers and its access to the user databases. They also exploited other flaws in the web dashboard used by WebDetetive users to access their victims' stolen phone data.
The hackers enumerated and downloaded every single dashboard record, including the email addresses of the spyware's customers.The dashboard access enabled the hackers to remove the victim devices from the network altogether. Which we definitely did. Because we could," the hackers added in their note, confirming that they indeed severed the connection between the server and the devices.
The note is a part of a cache comprising 1.5GB of data scraped from WebDetetive's dashboard.Other data in the cache included the users' IP addresses, purchase histories, and each and every device compromised by the respective customers.
Other data include the version of the spy app that was being run on the device and what kind of data was being extracted from the infected device. However, the cache did not reveal any contents stolen from the victims'' devices.
How Did WebDetetive Work?Like many similar phone monitoring apps, WebDetetive is first planted on the victim's device without their knowledge. So, wouldn't the person notice the app and remove it? This is actually quite difficult since WebDetetive's icon on the home screen changes once it's planted, disguising the app among the rest.
The spyware starts uploading the contents of the infected device to its servers secretly. These include call logs, messages, call recordings, photos, social media apps, real-time precise location data, and ambient recordings made using the phone's microphone.
The hackers also revealed as many as 74,336 unique customer email addresses.As per the WebDetetive data received by DDoSecrets, the spyware had been used to compromise 76,794 devices to date at the time of the breach. However, they can't really be used to analyze the customers since the signup process on WebDetetive doesn't include email verification.
Besides its surveillance capabilities, there isn't much known about WebDetetive. Spyware makers typically keep their real-world identities concealed or obfuscated due to the associated reputational and legal risks.
However, WebDetetive's roots can be traced back to OwnSpy, another popular phone spyware app. A network traffic analysis revealed that the WebDetetive app was mostly a repackaged copy of OwnSpy spyware, and WebDetetive's user agent still refers to it as OwnSpy.
Compromised Spyware: A Recurrent TrendWebDetetive is far from being the only spyware to be hacked in recent times. Polish phone tracking app LetMeSpy was hacked in June 2023, following which the hackers exposed the data stolen from the victims' devices and deleted them from the spyware maker's servers.
Commonly known as stalkerware" and spouseware", such apps are notorious for their shoddy coding with numerous vulnerabilities. In recent years, such security vulnerabilities on at least a dozen spyware apps have put the victims' phone data at risk.
The post Hackers Breach Brazilian Phone Spyware, Delete Victims' Devices and Publish Scraped Dashboard Data appeared first on The Tech Report.