Read at TechCrunch
A spyware called TheTruthSpy is compromising thousands of Android devices and posing a security and privacy risk. Two hacking groups have independently discovered a flaw in the spyware's system, which allows for mass access to stolen mobile device data.
A consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never fixed.
Swiss hacker maia arson crimew and two hacking groups, SiegedSec and ByteMeCrew, identified and exploited the flaw. Crimew noted several new security vulnerabilities in TheTruthSpy's software stack.
Switzerland-based hacker maia arson crimew said in a blog post that the hacking groups SiegedSec and ByteMeCrew identified and exploited the flaw in December 2023. Crimew, who was given a cache of TheTruthSpy's victim data from ByteMeCrew, also described finding several new security vulnerabilities in TheTruthSpy's software stack.