Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

Station F emerges as a launch pad for Europe’s hottest AI startups

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    If you use Google, you train its AI. See how you can opt out.

    6 July 2026

    Amazon will stop accepting new customers for Mechanical Turk

    6 July 2026

    Yes, we use OpenClaw to this day

    5 July 2026

    Midjourney wants Hollywood studios to reveal the details of their use of artificial intelligence

    5 July 2026

    What is Mistral AI? Everything you need to know about the OpenAI competitor

    4 July 2026
  • Apps

    Apple is bringing back card payments for Apple Account purchases in India after a four-year hiatus

    6 July 2026

    WhatsApp now allows you to reserve usernames

    5 July 2026

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026

    Threads adds new features to Live Chats as it expands access

    4 July 2026

    Travel app Hopper to pay $35 million in FTC settlement over ‘unfair’ hidden fees

    3 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

    7 July 2026

    Smart glasses maker Even Realities hits $1 billion valuation with $150 million in funding led by Meituan, Tencent

    6 July 2026

    5 office gadgets that can make your work day better

    6 July 2026

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026
  • Media & Entertainment

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026

    Deezer says its new feature allows fans to remix songs with the artist’s consent

    24 June 2026
  • Security

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026
  • Startups

    Station F emerges as a launch pad for Europe’s hottest AI startups

    6 July 2026

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026
  • Transportation

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026
  • Venture

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»Hackers Discover New Stalkerware Victims TheTruthSpy: Has Your Android Device Been Hacked?
Security

Hackers Discover New Stalkerware Victims TheTruthSpy: Has Your Android Device Been Hacked?

techtost.comBy techtost.com13 February 202405 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Hackers Discover New Stalkerware Victims Thetruthspy: Has Your Android Device
Share
Facebook Twitter LinkedIn Pinterest Email

A consumer spyware The feature called TheTruthSpy has been a constant security and privacy risk for thousands of people whose Android devices have been unknowingly compromised with mobile surveillance apps, mostly because of a simple security flaw that its operators never fixed.

Now, two groups of hackers have independently found the flaw that allows mass access to data on victims’ stolen mobile devices directly from TheTruthSpy’s servers.

Hacker based in Switzerland maia arson crimew said in a blog post that hacker groups SiegedSec and ByteMeCrew discovered and exploited the flaw in December 2023. Crimew, which was given a cache of TheTruthSpy victim data by ByteMeCrew, also described finding several new security vulnerabilities in TheTruthSpy’s software stack.

SPYWARE DETECTION TOOL

You can check if your Android phone or tablet has been hacked here.

In a Telegram post, SiegedSec and ByteMeCrew said they are not releasing the compromised data publicly, given its highly sensitive nature.

Crimew provided TechCrunch with some of the compromised TheTruthSpy data for verification and analysis, which included the unique device IMEI numbers and advertising IDs of tens of thousands of Android phones recently breached by TheTruthSpy.

TechCrunch verified that the new data is authentic by matching some of the IMEI numbers and advertising IDs to a list of previous devices known to have been hacked by TheTruthSpy, as discovered during a previous TechCrunch investigation.

The latest batch of data includes the Android device IDs for every phone and tablet hacked by TheTruthSpy through December 2023. The data shows that TheTruthSpy continues to actively spy on large groups of victims in Europe, India, Indonesia, the United States , United Kingdom and elsewhere.

TechCrunch has added the latest unique identifiers — about 50,000 new Android devices — to its free spyware scanner that lets you check if your Android device has been hacked by TheTruthSpy.

Security flaw in TheTruthSpy exposed victims’ device data

For a while, TheTruthSpy was one of the most prolific applications for facilitating secret surveillance of mobile devices.

TheTruthSpy is one of a fleet of nearly identical Android spyware apps, including Copy9 and iSpyoo and others, that are secretly placed on a person’s device by someone who usually knows their password. These apps are called “stalkerware” or “spouseware” because of their ability to illegally track and monitor people, often spouses, without their knowledge.

Apps like TheTruthSpy are designed to remain hidden on home screens, making these apps difficult to detect and remove, while constantly uploading the contents of the victim’s phone to a dashboard visible to the attacker.

But while TheTruthSpy touts its powerful monitoring capabilities, the spyware company paid little attention to the security of the data it was stealing.

As part of an investigation into consumer-grade spyware apps in February 2022, TechCrunch discovered that TheTruthSpy and its clone apps share a common vulnerability that exposes a victim’s phone data stored on TheTruthSpy’s servers. The bug is particularly damaging because it is extremely easy to exploit and provides unrestricted remote access to all data collected from the victim’s Android device, including text messages, photos, call recordings and precise real-time location data.

However, the operators behind TheTruthSpy never fixed the bug, leaving its victims exposed to further data breaches. Only limited information about the error, known as CVE-2022-0732was subsequently disclosed, and TechCrunch continues to withhold details of the bug due to the ongoing risk it poses to victims.

Given the simplicity of the bug, its public exploitation was only a matter of time.

TheTruthSpy is affiliated with Vietnam-based startup 1Byte

This is the latest in a series of security incidents involving TheTruthSpy and by extension the hundreds of thousands of people whose devices have been hacked and their data stolen.

In June 2022, a source provided TechCrunch with leaked data containing records of every Android device ever hacked by TheTruthSpy. With no way to notify victims (and potentially notifying their abusers), TechCrunch created a spyware search tool to allow anyone to check for themselves whether their devices have been compromised.

The search tool looks for matches against a list of IMEI numbers and advertising IDs known to have been compromised by TheTruthSpy and its clone apps. TechCrunch also has a guide on how to remove TheTruthSpy spyware — if it’s safe to do so.

But TheTruthSpy’s poor security practices and server leaks also helped reveal the true identities of the developers behind the business, who had gone to great lengths to conceal their identities.

TechCrunch later found that a Vietnam-based startup called 1Byte is behind TheTruthSpy. Our investigation found that 1Byte earned millions of dollars in spyware revenue over the years by funneling customer payments into Stripe and PayPal accounts created with fake US identities using fake passports, social security numbers and other forged documents.

Our investigation found that the false identities were linked to bank accounts in Vietnam managed by 1Byte employees and its director, Van Thieu. At its peak, TheTruthSpy made over $2 million in customer payments.

PayPal and Stripe suspended the spyware maker’s accounts following recent investigations by TechCrunch, as did the US-based web hosting companies 1Byte used to host its spyware operation’s infrastructure and store its vast banks of stolen data phone number of the victims.

After US web hosts booted TheTruthSpy from their networks, the spyware is now hosted on servers in Moldova by a web host called AlexHost, run by Alexandru Scutaru, who claims a policy of ignoring copyright takedown requests of the USA.

Although sidelined and downgraded, TheTruthSpy still actively facilitates the surveillance of thousands of people, including Americans.

As long as it remains online and operational, TheTruthSpy will threaten the safety and privacy of its victims, past and present. Not only because of spyware’s ability to invade a person’s digital life, but because TheTruthSpy can’t stop the data it steals from spreading online.

Read more at TechCrunch:

Android cyber security data breach device Discover hacked hackers mobile spyware security vulnerability stalkerware TheTruthSpy victims
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleScore is a new dating app for people with good to excellent credit
Next Article Robot orders in North America fell 30% last year
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

6 July 2026

Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

3 July 2026

The US government says it’s been hacked — again

2 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

7 July 2026

Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

6 July 2026

Station F emerges as a launch pad for Europe’s hottest AI startups

6 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Station F emerges as a launch pad for Europe’s hottest AI startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.