- Catwatchful data leak affects 62,000 victims, including 26,000 victims telephone data
- The doubtful developer was overcome by reusing an email address
- Google has promised to warn users about the application
The security researcher Eric Daigle has revealed information on serious data violation that affects Catwatchful, an Android Spyware application disguised as a child monitoring tool.
As a result, a complete user database has been leaked with text passwords without format and email addresses that affect more than 62,000 users, with phone data such as messages, photos, location, microphone and cameras that also put 26,000 victims at risk.
According to the report, the Spyware application is executed in a stealthy mode to users, collecting and loading information.
The catwatchful application is full of spyware
As is typical of Stalkerware like this, Catwatchful is an application that operates outside the Play Store store, which requires physical installation through a process known as Sideloading.
The application administrator, the developer based in Uruguay, Omar Soca Charcov, has been exposed because the email he used for Catwatchful had reused LinkedIn.
Daigle also pointed out that the Charcov administration account was the first record in the non -compliance database, with password recovery linked to its personal email address.
The data were stored in Google Firebase, sent through a personalized API that was not authenticated, which resulted in open access to user data and victims. The report also confirms that, although the accommodation had initially suspended by Hostgator, it had been restored through another temporal domain.
The most affected devices affect users in Mexico, Colombia, India, Peru, Argentina, Ecuador and Bolivia.
Daigle was able to exploit an SQL injection vulnerability to obtain access to the database, which led him to conclude that Firebase was not the source of vulnerability, but the API.
Google has been notified, and although the application is not distributed in Play Store, the company has added Google Play Protect alerts for Catwatchful.
To stay protected from threats such as this, it is important to use the best antivirus software, reliable malware elimination tools and strong final point protection.
Even well -known applications and tools can have failures, so executing trusted security software and maintaining all current applications helps reduce the risk of unnoticed.
