Google has suspended Catwatchful's account, a phone monitoring operator who was using Tech Giant's servers to host and operate monitoring software.
Google's move to shut down Spyware operations takes place a month after TechCrunch warns the tech giant. The operator was hosting Firebase Opering, one of Google's developer platforms. Catwatchful relied on Firebase to host and store a huge amount of data stolen from thousands of phones compromised by spyware.
“We investigated these reported Firebase operations and stopped because we violated our Terms of Use,” Google spokesperson Ed Fernandez told TechCrunch this week's email.
When asked by TechCrunch, Google didn't say why it took a month to investigate and suspend the FireBase account for the operation. The company's own terms and conditions significantly prohibit customers from hosting malicious software or spyware operations on the platform. As a for-profit company, Google has a commercial interest in retaining customers who pay for its services.
As of Friday, Catwatchful had not stopped working, and according to network traffic analysis of spyware performed by TechCrunch, it does not appear to send or receive data.
Catwatchful was an Android-specific spyware that presented itself as a “undetectable” child surveillance app for users. Like other phone spyware apps, CatWatchful usually requires customers to physically install it on the phone of someone who needs prior knowledge of the passcode. These surveillance apps are often referred to as “Stalkerware” (or spouses) and tend to be used for nonconsensual surveillance of a spouse or romantic partner.
Once installed, the app remains hidden from the victim's home screen, and was designed to upload the victim's private messages, photos, location data, and more to a web dashboard that can be viewed by those who planted the app.
TechCrunch first learned Catwatchful in mid-June after security researcher Eric Daigle identified a security bug that exposes the Spyware Operation backend database.
A bug has enabled unrecognized access to the database. This means that no password or credentials were required to check the internal data. The database included over 62,000 catwatchers' customer email addresses and plain text passwords, and included records for 26,000 victim devices that were compromised by spyware.
The data was also made public with the administrator behind Operation, a Uruguay-based developer called Omar Soka Chakov. TechCrunch contacted CARCOV to ask if they were aware of the security lapse or if they would like to notify affected individuals of the violation. Charcov didn't respond.
With no clear indication that Carcov would disclose the violation, TechCrunch provided a copy of the CatWatchful database to its Data Break Notification Service.
Catwatchful is the latest list of long lists of surveillance operations that have largely experienced data breaches in recent years due to their jarring coding and poor cybersecurity practices. Catwatchful has made its bank of data public by counting the fifth spyware operation of the year to leak users' data and the latest entries that have appeared in the list of more than two dozen known spyware operations since 2017.
As mentioned in the previous story, Android users can identify whether Catwatch Full Spyware is installed even if the app is hidden by dialing the 543210 on the Android phone app's keypad and pressing the call button.
Don't forget to make a safety plan before removing spyware from your phone.
–
If you or someone you know needs help, the domestic domestic violence hotline (1-800-799-7233) provides secret support to victims of domestic abuse and violence 24/7. If you are in an emergency, call 911. If you think your phone is compromised by Spyware, then the federation against Stalkerware has resources.