A little well -known telephone surveillance business called Spyzie has jeopardized over half a million Android devices and thousands of iPhones and iPads, according to data shared by a security researcher.
Most of the affected device owners, who are unknown, probably do not know that their phone data has been violated.
The security researcher told TechCrunch that Spyzie is vulnerable to the same error as Cocospy and Spyic applications, two almost identical but different stalkerware applications that share the same source code and expose the data of more than 2 million people, as reported last week. The error allows anyone to access the phone data, including messages, photos and location data, is exhausted by any device at stake in the three applications.
The error also exposes the email addresses of each customer he signed to Spyzie to endanger someone else’s device, the researcher said.
The researcher took advantage of the error to collect 518,643 unique Spyzie customer email addresses and provided the cache of email addresses to TechCrunch and Troy Hunt, who takes advantage of the I have passed Data breach alert website.
This latter leak shows how increasingly prevalent consumer monitoring applications have been made between civil society, even by few well -known businesses such as Spyzie, who have just been present on the internet and are largely prohibited by Google from running advertising in search results and still have.
Collectively, Cocospy, Spyic and Spyzie are used by more than 3 million customers.
The leak also shows that defects in Stalkerware applications are increasingly common and place customer and victims’ data at risk. Even in the case of parents who want to use these applications to monitor their children, which is legal, they put their children’s data at risk.
With our counting, Spyzie is now the 24th Stalkerware feature from 2017 to have been tired or leaked or leaked or expose the extremely sensitive data of his victims due to poor security.
Spyzie’s operators did not return TechCrunch’s request for comments. At the time of writing, the error has not yet been corrected.
Planned Android applications and stolen apple credentials
Applications such as Spyzie, or Cocospy and Spyic, are designed to stay hidden from home screens, making applications difficult to identify from their victims. All the time, applications are constantly uploading the contents of the victim’s device to Spyware’s servers and are accessible to the person planted in the application.
A copy of the data shared by the security researcher with TechCrunch shows that the overwhelming majority of Spyzie victims are owners of Android devices, whose phones must be of course accessible to plant the Spyzie application, usually by someone with knowledge of the Passcode code of their device.
This is one of the reasons why these applications are commonly used in the context of abusive relationships, where people often know their romantic partner password.
The data also shows that Spyzie has been used to endanger at least 4,900 iPhones and iPads.
Apple has stricter rules on applications that can be executed on iPhones and iPads, so stalkerware usually sinks into a victim’s device data stored in the Apple cloud storage service using the victim’s Apple credentials rather than the device itself.
Some of Apple’s first meditated device owners date from early February 2020 and just recently in July 2024, show Spyzie files.
How to remove Spyzie Stalkerware
As with Cocospy and Spyic, individual victims of Spyzie’s surveillance from scratched data could not be identified.
But there are things you can do to see if your phone is at stake by Spyzie.
For Android users: Even if Spyzie is hidden in terms, you can usually call ✱✱001✱✱ On the keypad of the Android phone app and then press the call button. If Spyzie is installed, you should appear on your screen.
It is a backdoor feature embedded in the application that allows the person planting the application on the victim’s phone to retrieve access. In this case, it can also be used by the victim to determine if the application is installed.
TechCrunch has a general Android Spyware removal guide that can help you detect and remove the common stalkerware types and enable settings to secure your Android device.
You should also have a security plan in placeAs the spyware turns off can warn the person who put it.
For iPhone and iPad users: Spyzie is based on the use of the username and password of the victim’s Apple to obtain access to the data stored in the iCloud account. You should ensure that your Apple account uses Two -factor authenticationWhich is vital protection against account halls and the primary way for stalkerware to target your data. You should also check and Remove any devices from your Apple account that you don’t recognize.
If you or someone you know needs help, the national telephone line for approved violence (1-800-799-7233) provides free 24/7 confidential support to victims of home abuse and violence. If you are in an emergency mode, call 911. Coalition against Stalkerware It has resources if you think your phone has been violated by Spyware.
