Google took about a month to shut down a spyware app called Catwatchful that was using its cloud tools to steal data from people’s phones. The spyware was discovered by a security researcher named Eric Daigle, who found that it was using Google’s Firebase service to collect private information from Android phones, like photos, messages, call logs, microphone recordings, and location history.
Daigle also found a major flaw in the spyware’s system. Its server had a bug that made it easy for anyone to break in and download all its data. Through this bug, he was able to access the email addresses and passwords of more than 62,000 people who had used the spyware. He also found stolen data from over 26,000 victim phones, going back to 2018, from countries like Mexico, Colombia, India, Peru, and others.
Related: Google Launches AI-Powered ‘Web Guide’ to Organise Search Results
The leaked files also revealed who was running the spyware. The name, email, and phone number of a man from Uruguay were listed in the database as the first user. He did not respond to requests for comment.
Google took action after being alerted. It added Catwatchful to its Safe Browsing list, blocked the spyware through Google Play Protect, and began investigating its use of Firebase. But even after the main site was taken down on June 25, Catwatchful popped back up on another domain the next day, then added a firewall on June 27 to block further access to the stolen data.
The app didn’t come from the Play Store. It had to be installed manually and stayed hidden on phones. Victims couldn’t see it as an app icon, it only showed up if someone dialled a secret code.
This is the fifth time this year that a spyware app like this has leaked its data. Each time, both the people using the spyware and the victims being tracked had their information exposed because of poor security practices.
