Massive Stalkerware Exposes Tens of Thousands of Android Devices to Privacy Breach

A shocking discovery by Switzerland-based hacker maia arson crimew has revealed that an Iranian stalkerware company named ‘virsys’ or ‘virsis’ has been spying on thousands of Android devices since 2016. This nefarious stalkerware, known as Spyhide, has been surreptitiously collecting real-time information, including contacts, messages, photos, call logs, recordings, and precise location data, and transmitting it to the Iranian software company.

TechCrunch, having gained access to Spyhide’s text-only database, has shed light on the extensive scale of these attacks, estimating that around 60,000 Android devices have fallen victim to this privacy invasion. The investigation found that over 100,000 location data points were uploaded from a single US-based device, with an additional 3,000 US devices contributing to the alarming data logs. Other targeted regions include central and eastern Europe, the UK, Brazil, and Indonesia, indicating the global reach of this malicious operation.

Although some individuals used multiple devices, which reduces the number of affected victims, the overall impact remains significant. TechCrunch’s findings reveal that a staggering 3.3 million text messages containing sensitive information such as two-factor authentication (2FA) codes and password reset links were compromised. Moreover, 1.2 million call logs with recipients’ phone numbers and 312,000 call recording files were exposed, further amplifying the severity of this breach.

Disturbingly, Spyhide also harvested 925,000 contact lists, 382,000 photos, and 6,000 ambient recordings from victims’ devices. The covert app, downloaded directly from Spyhide’s website instead of the Play Store, evaded Google’s screening, making it harder to hold the tech giant accountable. However, enabling Google Play Protect offers some protection against stalkerware and malware threats.

TechCrunch attempted to reach out to the two Iranian developers, Mostafa M and Mohammad A, but received no response. Mohammad A claimed to have been briefly involved with the project as a contractor eight years ago, according to an email sent to maia arson crimew.

German web hosting provider Hetzner, identified as the host for Spyhide data logs, stated that it does not permit the hosting of spyware, indicating that the stalkerware’s activities are clearly in violation of the hosting service’s terms.

This alarming revelation highlights the urgent need for vigilance and robust security measures to protect users from such invasive stalkerware and safeguard their privacy in the ever-evolving digital landscape.