Uncovering Spyzie: The Stalkerware Targeting Thousands of Android and iPhone Users
In a shocking revelation, a little-known phone surveillance operation named Spyzie has put over half a million Android devices and thousands of iPhones and iPads at risk. Security researchers uncovered that many device owners remain unaware that their personal data has been compromised, raising concerns about the prevalence of such surveillance apps.
How Spyzie Compromised Devices
According to a security researcher who spoke with TechCrunch, Spyzie is vulnerable to the same security flaw affecting other similar stalkerware applications, such as Cocospy and Spyic. These apps, which share the same underlying source code, have already exposed the data of over 2 million individuals.
The Nature of the Vulnerability
The identified security bug enables unauthorized access to sensitive phone data, including:
- Text messages
- Photos
- Location data
Additionally, the bug exposes the email addresses of Spyzie customers, allowing potential misuse of their accounts. The researcher extracted 518,643 unique email addresses and shared them with TechCrunch and Troy Hunt, the operator of Have I Been Pwned, a data breach notification site.
The Rise of Stalkerware Apps
This incident highlights the alarming rise of consumer surveillance applications such as Spyzie, which while having limited online visibility, have attracted a substantial user base. Combined, Cocospy, Spyic, and Spyzie serve over 3 million users worldwide.
Even though the legal use of these applications can include parental monitoring, they increase the risk of exposing sensitive data to hackers. Spyzie marks the 24th stalkerware operation since 2017 to suffer a major security breach.
Understanding the Mechanism of Spyzie
Spyzie and its counterparts are designed to remain hidden on the victim’s device. They continuously upload data to their servers, accessible by the individual who installed the app. Most of the compromised devices are Android, with users needing physical access to install Spyzie, often in contexts such as abusive relationships where knowledge of the victim’s passcode is common.
Impact on iPhone and iPad Users
Spyzie has also been reported to compromise at least 4,900 iPhones and iPads. Due to stricter security measures on Apple devices, stalkerware typically relies on the victim’s iCloud credentials to access stored data rather than directly infiltrating the device.
How to Detect and Remove Spyzie Stalkerware
If you suspect that your device may be compromised by Spyzie, here are steps you can take:
For Android Users
- Dial *#001# on your phone’s keypad and hit the call button. If Spyzie is installed, it will appear on your screen.
- Follow the TechCrunch Android spyware removal guide for further instructions.
For iPhone and iPad Users
- Ensure your Apple Account has two-factor authentication enabled to protect against unauthorized access.
- Check your account for any unfamiliar devices and remove them.
For those in need of support, the National Domestic Violence Hotline (1-800-799-7233) offers 24/7 confidential assistance to victims of domestic abuse. In emergencies, please call 911. Additionally, the Coalition Against Stalkerware provides resources for individuals concerned about spyware on their devices.
Stay vigilant and protect your personal data from potential breaches caused by stalkerware applications.
