Data Data in Stalkerware Spyx affects nearly 2 million, including thousands of Apple users

A user -class spyware operation called Spyx was affected by data breach last year, TechCrunch has learned. The violation reveals that SPYX and two more related mobile applications have had records of almost two million people at the time of the violation, including thousands of Apple users.

Data breach dates from June 2024, but has not been reported earlier and there are no indications that Spyx operators have ever notified their customers or those directed by spyware.

The Spyx family from mobile spyware is already from our number, The 25th mobile monitoring operation of 2017 It is known that he has experienced a violation of the data or otherwise spilled or exposed the data to his victims or users, showing that the spy industry of users continues to distribute and at risk the personal data of people.

Violation also gives a rare view of how Stalkerware Like Spyx, it can be focused on Apple’s customers.

Troy Hunt that manages a data disruption site Was I pwnedHe received a copy of the broken data in the form of two text files that contained 1.97 million unique account entries with related email addresses.

Hunt said the bigger part of the email addresses were related to Spyx. The cache also includes less than 300,000 email addresses associated with two almost identical branches of the Spyx application called Msafely and Spyphone.

About 40% of email addresses were already in PW, Hunt said.

As with previous violations “Sensitive,” which only allows the person with an affected email address to see if their information is part of this violation.

Spyx operators did not answer TechCrunch emails with questions about the violation, and the WhatsApp number listed on the Spyx website returned a message saying it was not registered with the message app.

Another spyware, another violation

Spyx is charged as a mobile software to monitor Android and Apple devices seemingly to provide parental child’s parental control.

The Gold of Observation, such as Spyx, also goes with the term Stalkerware (And wives) because sometimes operators explicitly promote their products as a way to spy on a spouse or home partner, which is widely illegal without the knowledge of that person. Even when operators do not explicitly encourage this illegal use, spy applications share much of the same hidden data theft options.

User class spy, such as Stalkerware, usually works in one of the two ways.

Applications that work on Android devices, including Spyx, are usually downloaded outside the Official Google Play App app and require someone with physical access to the victim’s device – usually by knowing their password – to weaken their security settings and plant spy software.

Apple has more stringent rules on which applications can be in the app store and run on the iPhone and iPad, so Stalkerware usually fits into a copy of the backup of the device found in the Apple cloud storage service. With a person’s identification data, Stalkerware can constantly download the victim’s most backup directly from Apple’s servers. ICloud spare copies Keep the majority the data of the person’s device, including messages, photos and application data.

According to Hunt, one of the two files in cache violations listed in iCloud in its name on a file and contains about 17,000 different sets of Apple Text usernames and passwords.

So Have I been subscribers whose Apple email addresses and passwords were found in the data. Hunt said several people confirmed that the information he provided was accurate.

Given the possibility of a constant risk for victims whose account identification data can still be valid, Hunt provides the list of violated ICloud ICLoud identification data before posting. Apple does not comment when it is reached by TechCrunch.

As for the other email addresses and passwords found in the broken text files, it was less clear whether they were working identification data for each service other than SPYX and its cloning applications.

In the meantime, Google has downloaded Chrome extension related to the Spyx campaign.

“Chrome’s web shop and Google Play Store policies clearly prohibit malicious code, spyware and stalkerware and if we find violations, we take appropriate action. If a user suspects their Google account, they must take Recommended steps Immediately secure it, “Google spokesman Ed Fernandez told TechCrunch.

How do I look for Spyx

TechCrunch has a Guide to remove spyware for Android users This can help you identify and remove common types of phone monitoring applications. Don’t forget to have safety planGiven that excluding the application can alert the person who planted it.

For Android users, turning on Google Play Protect is a useful security feature that can help protect against Android malware, including unwanted phone monitoring applications. You can activate Google Play from the app settings if it is no longer activated.

Google’s bills are much more protected with Two -factor authenticationwhich can better protect yourself from infiltration into account and data and know What steps to take if your Google Account is compromisedS

IPhone and iPad users can check and Remove all devices from your account you don’t recognizeS You need to make sure your Apple account uses a long and unique password (Ideally saved in a password manager) and that your account also has Included two -factor authenticationS You should also change your iPhone or iPad password if you think someone may have physically compromised your device.

If you or someone you know, you need help, the national hot line of domestic violence (1-800-799-7233) provides 24/7 free, confidential support for victims of domestic violence and violence. If you are in an emergency, call 911. Coalition vs. Stalkerware There are resources if you think your phone has been compromised by Spyware.