New spyware found to be snooping on thousands of Android and iOS users

News
By
published

Another stalkerware app found leaking data

Stalkerware
(Image credit: Shutterstock.com / New Africa)
  • Spyzie was found to be vulnerable to the same flaw as Cocospy and Spyzie
  • More than half a million Android users were exposed
  • Roughly 4,900 iOS users were exposed as well

Hundreds of thousands of Android users, as well as several thousand iPhone users, have had their sensitive data compromised by a spouseware app, called Spyzie.

The apps were found leaking email addresses, text messages, call logs, photographs, and other sensitive data, belonging to millions of people who, without their knowledge or consent, have had these apps installed on their devices. The people who installed those apps, in most cases partners, parents, significant others, have also had their email addresses exposed in the same manner.

The researcher who found all of these flaws is not sharing the details just yet, claiming they’re quite simple to exploit and haven’t been addressed yet.

Email addresses and more

Spyware apps, often also called “spouseware”, are apps that people covertly install on mobile devices belonging to their partners, children, or similar. They are advertised as legitimate monitoring apps, but are essentially operating in the grey zone and are not allowed on major app stores, such as the App Store or Play Store.

This is the third such app with the same flaw, after a cybersecurity researcher recently analyzed Cocospy and Spyic, two other popular spyware apps whose code apparently has significant overlaps, allowing the researcher to pull sensitive information from their servers.

The researcher managed to exfiltrate 1.81 million of email addresses used to register with Cocospy, and roughly 880,000 addresses used for Spyic. Besides email addresses, the researcher managed to access most of the data harvested by the apps, including pictures, messages, and call logs.

For Spyzie, the researcher managed to collect more than 510,000 unique email addresses of Android users, and sensitive data on at least 4,900 iPhone and iPad users.

The operators did not respond to media inquiries and have not, at press time, addressed the vulnerabilities.

Via TechCrunch

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

More about security
Crowdstrike logo

Will Chinese cyberespionage be more aggressive in 2025? CrowdStrike thinks so
A computer being guarded by cybersecurity.

Huge cyberattack found hitting vulnerable Microsoft-signed legacy drivers to get past security
Christophe Laporte, Wout van Aert and Arnaud De Lie climb the Muur van Geraardsbergen in front of big crowds during the 2024 Omloop Het Nieuwsblad.

Omloop Het Nieuwsblad live stream 2025: How to watch WorldTour cycling online from anywhere
See more latest