Stalkerware SpyX affects approximately 2 million, including thousands of Apple users



TechCrunch has learned that a consumer spyware operation called SpyX was hit by a data breach last year. The breach reveals that SpyX and other related mobile apps had records on nearly two million people at the time of the breach, including thousands of Apple users.

The data breach dates back to June 2024 but had not been previously reported, and there is no indication that SpyX's operators notified their customers or those targeted by the spyware.

The SpyX family of mobile spyware is now, by our count, the twenty-fifth mobile surveillance operation since 2017 known to have suffered a data breach, or to have spilled or exposed the data of its victims or users, which indicates that the consumer spyware industry continues to proliferate and to put individuals' private data at risk.

The breach also provides a rare look at how stalkerware like SpyX can also target Apple customers.

Troy Hunt, who runs the data breach notification site Have I Been Pwned, received a copy of the breached data in the form of two text files, which contain 1.97 million unique account records with their associated email addresses.

Hunt said that the vast majority of the email addresses are linked to SpyX. The cache also includes fewer than 300,000 email addresses associated with near-identical clones of the SpyX app called Msafely and SpyPhone.

Hunt said about 40% of the email addresses were already present.

As with previous spyware breaches, Hunt marked the SpyX data breach in Have I Been Pwned as “sensitive,” which only allows a person with an affected email address to see whether their information is part of this breach.

SpyX's operators did not respond to TechCrunch's emails with questions about the breach, and a WhatsApp number listed by SpyX returned a message saying it was not registered with the messaging app.

Another spyware, another breach

SpyX is described as mobile monitoring software for Android and Apple devices, ostensibly for giving parents control over a child's phone.

Monitoring programs such as SpyX also go by the term stalkerware (and spouseware) because operators sometimes explicitly promote their products as a means of spying on a spouse or domestic partner, which is broadly illegal without that person's knowledge. Even when operators do not explicitly promote this illegal use, spyware apps share many of the same data-stealing capabilities.

Consumer-grade spyware, such as stalkerware, typically works in one of two ways.

Apps that run on Android devices, including SpyX, are usually downloaded from outside the official Google Play app store and require a person with physical access to the victim's device, usually with knowledge of their passcode, to weaken its security settings and plant the spyware.

Apple has stricter rules about which apps can be on the App Store and run on iPhones and iPads, so stalkerware usually taps into a copy of the device's backup held on Apple's cloud storage service, iCloud. With a person's iCloud credentials, stalkerware can download the victim's latest backup directly from Apple's servers. iCloud backups store the majority of a person's device data, including messages, photos and app data.

According to Hunt, one of the files in the breached cache referenced iCloud in its file name and included about 17,000 distinct sets of plaintext Apple account credentials.

Since the iCloud credentials in the breached cache clearly belonged to Apple customers, Hunt sought to confirm the authenticity of the data by contacting Have I Been Pwned subscribers whose Apple account email addresses and passwords were in the data. Hunt said that many people confirmed that the information he provided was accurate.

Given the possibility of ongoing risk to victims whose account credentials may still be valid, Hunt provided the list of breached iCloud data to Apple before publication. Apple did not comment when reached by TechCrunch.

As for the rest of the email addresses and passwords in the breached text files, it was unclear whether these credentials work for any service other than SpyX and its clone apps.

Meanwhile, Google pulled a Chrome extension linked to the SpyX campaign.

“Chrome Web Store and Google Play policies clearly prohibit malicious code, spyware and stalkerware, and if we find violations, we take appropriate measures. Recommended steps [...] immediately,” Google spokesman Ed Fernandez said.

How to look for SpyX

TechCrunch has a spyware removal guide for Android users that can help you identify and remove common types of phone monitoring apps. Remember to have a safety plan in place, since switching off the app may alert the person who planted it.

For Android users, switching on Google Play Protect is a useful security feature that can help protect against Android malware, including unwanted phone monitoring apps. You can enable it from Google Play's app settings if it is not already enabled.

Google accounts are much better protected with two-factor authentication, which can better protect against account and data intrusions, and you should know what steps to take if your Google account is compromised.

iPhone and iPad users can check and remove any devices from their account that they do not recognize. You should make sure that your Apple account uses a long and unique password (ideally saved in a password manager) and that your account also has two-factor authentication switched on. You should also change your iPhone or iPad passcode if you think someone may have physically compromised your device.


If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides free support 24/7 to victims of domestic abuse and violence. If you are in an emergency, call 911. The Coalition Against Stalkerware has resources if you think your phone may have been compromised by spyware.


