- Catwatchful data leak affects 62,000 victims, including 26,000 victims’ phone data
- The dodgy developer outed himself by reusing an email address
- Google has committed to warning users about the app
Security researcher Eric Daigle has revealed information about a serious data breach affecting Catwatchful, an Android spyware app disguised as a child monitoring tool.
As a result, a full user database containing plaintext passwords and email addresses for over 62,000 users has been leaked, along with phone data such as messages, photos, location, and mic and camera feeds, putting 26,000 victims at risk.
According to the report, the spyware app runs in stealth mode hidden from users, collecting and uploading information.
Catwatchful app is full of spyware
As is typical of stalkerware like this, Catwatchful operates outside of the Play Store, requiring physical installation via a process known as sideloading.
The app’s admin, Uruguay-based developer Omar Soca Charcov, has been exposed because the email he used for Catwatchful had been reused on LinkedIn.
Daigle also noted that Charcov’s admin account was the first record in the breached database, with password recovery linked to his personal email address.
The data was stored on Google Firebase and sent via a custom, unauthenticated API, which resulted in open access to user and victim data. The report also confirms that, although hosting had initially been suspended by HostGator, it had been restored via another temporary domain.
Most affected devices belong to users in Mexico, Colombia, India, Peru, Argentina, Ecuador and Bolivia.
Daigle was able to exploit a SQL injection vulnerability to get access to the database, leading him to conclude that the API, rather than Firebase, was the source of the vulnerability.
Google has been notified, and although the app isn’t distributed on the Play Store, the company has added Google Play Protect alerts for Catwatchful.
To stay protected from threats like this, it’s important to use the best antivirus software, reliable malware removal tools, and strong endpoint protection.
Even well-known apps and tools can have flaws, so running trusted security software and keeping all apps current helps reduce the risk of malware slipping through unnoticed.