Stalkerware App Leaked Phone Data from Thousands of Victims

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
The app, KidsGuard, claims it can “access all the information” on a target device, including its real-time location, text messages, browser history, access to its photos, videos and app activities, and recordings of phone calls. But a misconfigured server meant the app was also spilling out the secretly uploaded contents of victims’ devices to the internet.

These consumer-grade spyware apps — also known as “stalkerware” — have come under increased scrutiny in recent years for allowing and normalizing surveillance, often secretly and without obtaining permission from their victims. Although many of these apps are marketed toward parents to monitor their child’s activities, many have repurposed the apps to spy on their spouses. That’s prompted privacy groups and security firms to work together to help better identify stalkerware. KidsGuard is no different. Its maker, ClevGuard, pitches the spyware app as a “stealthy” way to keep children safe, but also can be used to “catch a cheating spouse or monitor employees.” But the security lapse offers a rare insight into how pervasive and intrusive these stalkerware apps can be.
 
Last edited:
F

ForgottenSeer 85911

app not malicious
app meant to do full tracking by design for parental control
security breach was a misconfiged server
 
  • Like
Reactions: upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
app not malicious
app meant to do full tracking by design for parental control
security breach was a misconfiged server
Partially yes, but sadly also much worse.
one victim we spoke to said she found out just a few days earlier that spyware had been installed on her phone.

“It was my husband,” said the victim. The two had been separated, she said, but he was able to access her private messages by secretly installing the spyware on her phone. “I gave him the choice to show me how he was doing it or I was getting a divorce, so he finally showed me last night,” she said. ClevGuard shut down the exposed cloud storage bucket after we contacted the company. We also contacted Alibaba, which also alerted the company of the exposure.

“This is evidence that not only are spouseware and stalkerware companies morally bankrupt, they are also often failing to protect their stolen user data once they have it,” said Cooper Quintin, senior staff technologist at the Electronic Frontier Foundation, who also examined the app. “The fact that this also includes the data of young children is both alarming and sickening,”
 
  • Like
Reactions: Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top