- The Cocospy and the Spyic have proved to be sensitive information
- Developers do not respond and bugs have not been corrected
- People’s photos, messages, call newspapers, and more, are at risk
E-mail addresses, SMS, call newspapers, photographs and other sensitive data, belonging to millions of people may have been exposed online thanks to a pair of defective spy software applications.
Spy software applications, often also called “spouse software”, are applications that people secretly install on mobile devices belonging to their partners, children or similar. They are announced as legitimate surveillance applications, but mainly operate in the gray area and are not authorized in the main application stores, such as the App Store or the Play Store.
A cybersecurity researcher recently analyzed Cocospy and Spyic, two SPYware popular applications whose code apparently has important horses that allowed the researcher to draw sensitive information from their servers.
E-mail addresses and more
TechcrunchWho reported the results for the first time, said the bug was “relatively simple to exploit”, but in order to protect the victims, decided to share no details at the moment.
When a person wants to install spy software on someone else’s device, he must first use an e-mail address to save an account.
The researcher managed to exfiltrate 1.81 million email addresses used to register with Cocospy and around 880,000 addresses used for the Spyic. In addition to the email addresses, the researcher managed to access most of the data collected by applications, including images, messages and call newspapers.
Due to the nature of the applications, developers do their best to stay hidden and out of reach. Techcrunch Has deduced that developers are probably of Chinese origin, but could not say with certainty – although there is evidence that the developer could be 711.icu, whose website does not even take care.
The operators did not respond to media requests and did not, at the time of the press, discussed vulnerabilities.
