Security breach reveals Catwatchful spyware is snooping on thousands of phones – here’s how to stay safe – 1v1 Video Chat & LIve Streaming & Influencer Subscription

By Craig Hale

Tech Radar Pro

Tech Radar Gaming

Tech Radar Pro

TechRadar the business technology experts

Search TechRadar

View Profile

België (Nederlands)

Deutschland

North America

US (English)

Australasia

New Zealand

Expert Insights

Website builders

Web hosting

Best website builder
Best web hosting
Best office chairs
Best antivirus
Expert Insights

You may like

These three stalkerware apps have just gone dark, and a data breach could be to blame

This dangerous new malware is hitting iOS and Android phones alike – and it’s even stealing photos and crypto

Spyware combing for data ‘of use to China’ hidden inside religious and cultural apps

Catwatchful app is full of spyware
As is typical from stalkerware like this, Catwatchful is an app that operates outside of the Play Store, requiring physical installation via a process known as sideloading.

The app’s admin, Uruguay-based developer Omar Soca Charcov, has been exposed because the email he used for Catwatchful had been reused on LinkedIn.
Daigle also noted that Charcov’s admin account was the first record in the breached database, with password recovery linked to his personal email address.
The data was stored on Google Firebase, sent via a custom API that was unauthenticated, resulting in open access to user and victim data. The report also confirms that, although hosting had initially been suspended by HostGator, it had been restored via another temporary domain.

Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
Most affected devices affect users in Mexico, Colombia, India, Peru, Argentina, Ecuador and Bolivia.
Daigle was able to exploit a SQL injection vulnerability to get access to the database, leading him to conclude that Firebase was not the source of the vulnerability, but rather the API.
Google has been notified, and although the app isn’t distributed on the Play Store, the company has added Google Play Protect alerts for Catwatchful.
To stay protected from threats like this, it’s important to use the best antivirus software, reliable malware removal tools, and strong endpoint protection.
Even well-known apps and tools can have flaws, so running trusted security software and keeping all apps current helps reduce the risk of malware slipping through unnoticed.
You might also like

New spyware found to be snooping on thousands of Android and iOS users
Why not install one of the best Android antivirus apps to stay safe
Check out the best business VPN tools to keep protected as well

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

These three stalkerware apps have just gone dark, and a data breach could be to blame

This dangerous new malware is hitting iOS and Android phones alike – and it’s even stealing photos and crypto

Spyware combing for data ‘of use to China’ hidden inside religious and cultural apps

Major data breach at popular hookup app leaks data on millions of users – see if you’re safe

Watch out, your work mobile apps could be a huge security risk – here’s what to look out for

Cyberattacks on smartphones hit new high – here’s how to stay safe

Latest in Security

The AI-powered future of ransomware is coming soon – here’s what we need to look out for

Cisco warns of a serious security flaw in comms platform – and that it needs patching immediately

Google has patched another urgent security flaw in Chrome – so update now or be at risk

Security experts flag another worrying issue with Anthropic AI systems – here’s what they found

Insurance group Kelly Benefits says over half a million people now affected in major data breach – here’s what we know

AT&T has a new tool to stop dangerous SIM swapping attacks – here’s how it will keep you safe

Latest in News

An unannounced MMO from The Elder Scrolls Online developer has been canceled by Xbox after seven years of work

The Pixel 6a will get a mandatory update that will ‘reduce battery capacity’ soon – and other Pixel phones could be next

HPE and Juniper confirm merger deal

Phil Spencer somehow thinks that Xbox has ‘never looked stronger’ as multiple games are canceled

Nobody wants 8GB GPUs from Nvidia and AMD – and this retailer just made that clear

More Samsung Galaxy tri-fold specs have just leaked – but it could be a while before you can buy it