WebDetetive is a spyware that is used to spy on third party phones; Hackers delete victims’ data, but they carry information from “spies”
The Brazilian app WebDetetive, which is used to spy on third-party smartphones, has been invaded and data of 76,000 users stolen by hackers. Cybercriminals have posted a note (accessed by Techcrunch) where they explain how they invaded the application’s servers through vulnerabilities. Spyware victims’ information has been erased by hackers.
Those responsible for the attack used flaws in the app’s web dashboard to steal “customer” information. Among the stolen data are purchase history, cell phones the user was ‘stalking’, IP and email – the latter being the most sensitive. WebDetetive hasn’t made an announcement yet – and it shouldn’t.
Hackers claim to have deleted the stalked data
In a note from the cybercriminals, who did not identify themselves and were among the 1.5 GB of data “extracted”, they claim to have deleted the data from the spied smartphones. As much as two wrongs can’t make a right, the hackers’ stance and the text of the memo, in which they take a stand against stalkerware (another name for spyware), will help people who have been spied on. When using these apps, there is always the possibility that the victim may be in a vulnerable position.
Cybercriminals also “break” the connection between the WebDetetive server and the stalking mobiles. This prevents new data from being sent to “spies”. In all, the hackers stole data from 76,794 Android smartphones. The app can only be installed via sideloading, as app stores do not allow developers to upload spyware.
WebDetetive is another spyware that has been attacked in recent months
The WebDetetive spyware attack is another attack against apps of this kind in recent months. In June, LetMeSpy creator data was exposed in an attack. In this case, the application of Polish origin also did not comment on the invasion of its servers.
Since it is a “controversial” (and even criminal in some cases) app, the creators prefer to keep quiet about the situation. Thus, WebDetetive also should not make a statement about the attack it suffered.
With information: Techcrunch