A spyware, called Spyx, called Spyx, was hurt by data breach last year, TechCrunch has learned. The breach reveals that Spyx and two other related mobile applications had records of nearly 2 million people at the time of the breach, including thousands of Apple users.
Data breach dates back to June 2024, but had not been mentioned before and there is no indication that Spyx’s operators have ever alerted its customers or those targeting Spyware.
The SpyX family of the Spyware mobile software is now, with our counting, the 25th Kinetic Surveillance Company since 2017, which is known to have experienced data breach or otherwise poured or exposes the data of their victims or users, showing that the consumer spyware industry continues to multiply and multiply.
The breach also provides a rare look at how stalkerware like Spyx can also target Apple customers.
Troy Hunt, which runs a data breach alert site I have passedIt received a copy of the data violated in the form of two text files containing 1.97 million unique account files with relevant email addresses.
Hunt said the overwhelming majority of email addresses are linked to Spyx. The cache also includes fewer than 300,000 email addresses associated with two nearest SpyX apps called Msafely and Spyphone.
About 40% of the email addresses were already on pwned, Hunt said.
As with the previous spyware violations, Hunt marked the Spyx data violation, I have passed as pwned as “sensitive,” that only allows the person with an email address influenced to determine if his information is part of this breach.
Operators behind SPYX did not respond to TechCrunch emails with questions about the breach and a Whatsapp number mentioned on the SPYX website returned a message saying it was not registered in the messaging application.
Another Spyware, Another Violation
SpyX is priced as mobile monitoring software for Android and Apple devices, seemingly for the parental control of a child’s phone.
Malicious monitoring software, such as Spyx, also goes from the term stalkerware (and spouseware), because sometimes operators exploit their products as a way of spying on a spouse or domestic partner who is generally illegal without his knowledge. Even when operators do not explicitly promote this illegal use, spyware applications share much of the same data theft capabilities.
Spyware, like stalkerware, usually works in one of two ways.
Applications working on Android devices, including SPYX, are usually downloaded from the outside of the official App Store Google Play program and require someone with physical access to a victim’s device – usually with knowledge of the Pass -Code code – to weaken security settings and plant spyware.
Apple has stricter rules on applications that can be in the App Store and executed on iPhones and iPads, so stalkerware usually sinks into a copy of the backup of the device’s cloud storage service, iCloud. With a person’s iCloud credentials, Stalkerware can constantly download the victim’s latest backup directly from Apple servers. backups Save the majority of a person’s device data, including messages, photos and applications.
According to Hunt, one of the two files of the cache violated memory refers to the iCloud in his file name and contained about 17,000 different sets of usernames and Apple Account Passwords.
Since iCloud credentials in violated cache was clearly owned by Apple customers, Hunt tried to confirm the authenticity of the data by approaching I was PWned subscribers whose email addresses and Apple account passwords were found in the data. Hunt said that several people confirmed that the information he provided was accurate.
Given the likelihood of continuous risk for victims whose account credentials may still be valid, Hunt has provided the list of ICLOUD credentials to Apple before publishing.
Apple did not comment on the press time when it arrived at TechCrunch before publishing.
In a brief statement provided after the publication, Apple spokesman Sarah O’Rourke told TechCrunch: “When data violations at other companies endanger Apple accounts, our security teams work to explore quickly and protect our users.
As for the other email addresses and passwords found in the violated text files, it was less clear if they worked credentials for any service other than Spyx and clone applications.
In the meantime, Google pulled a Chrome extension connected to the Spyx campaign.
“The Chrome Web Store and Google Play Store policies clearly prohibit malware, spyware and stalkerware and if we find violations. recommended steps Immediately to ensure it, “Google Ed Fernandez spokesman told TechCrunch.
How to look for Spyx
TechCrunch has a spyware removal guide for Android users that can help you identify and remove common types of phone tracking apps. Remember to have a security plan in placeSince disabling the application can notify the person who put it.
For Android users, activating Google Play Protect It is a useful safety feature that can help protect against Android Malware, including undesirable phone tracking applications. You can activate Google Play from app settings if not already enabled.
Google accounts are much more protected with Two -factor authenticationwhich can better protect from account and data invasions. Know What steps should you take if your Google account has been violated.
If you have an iPhone and iPad, you can check and Remove any devices from your account that you don’t recognize. You should ensure that your Apple account uses a long and unique password (ideally stored in password manager) and that your account also has Activated two -factor authentication. You should also change your iPhone or iPad Passcode if you think someone may have naturally downgraded your device.
If you or someone you know needs help, the national telephone line for approved violence (1-800-799-7233) provides free 24/7 confidential support to victims of home abuse and violence. If you are in an emergency mode, call 911. Coalition against Stalkerware It has resources if you think your phone has been violated by Spyware.
Was updated by comment by Apple.
