A security flaw in the Catwatchful Android spyware, which is disguised as a child monitoring application, has revealed the full database of email addresses and plaintext passwords for over 62,000 customers. Catwatchful can access the private contents of victims' phones, such as messages, photos, and live audio, and is used for illegal, non-consensual surveillance. This incident marks at least the fifth breach of a spyware operation this year, highlighting the ongoing proliferation and security issues of consumer-grade spyware, which put both users and victims at risk.
Catwatchful is spyware masquerading as a child monitoring app that claims to be "invisible and cannot be detected," all the while uploading the victim's phone's private contents to a dashboard viewable by the person who planted the app.
The incident shows that consumer-grade spyware continues to proliferate, despite being prone to shoddy coding and security failings that expose both paying customers and unsuspecting victims to data breaches.
According to a copy of the database from early June, which TechCrunch has seen, Catwatchful held email addresses and passwords for more than 62,000 customers and phone data from 26,000 victims' devices.
Spyware apps like Catwatchful are banned from the app stores and rely on being downloaded and planted by someone with physical access to a person's phone.