A recent discovery by hacking groups SiegedSec and ByteMeCrew has revealed a significant security flaw in TheTruthSpy, a consumer-grade spyware operation. The flaw allows for mass access to stolen mobile device data directly from TheTruthSpy’s servers, putting the security and privacy of thousands of Android users at risk.
Key Takeaway
TheTruthSpy, a stalkerware operation, has left thousands of Android devices compromised due to a security flaw that exposes victims’ data. The spyware continues to pose a significant threat to the security and privacy of its victims, highlighting the ongoing risks associated with consumer-grade spyware.
New Security Vulnerabilities Uncovered
Switzerland-based hacker maia arson crimew, in collaboration with the hacking groups, identified and exploited the flaw in December 2023. The breached data obtained from ByteMeCrew included unique device IMEI numbers and advertising IDs of tens of thousands of Android phones compromised by TheTruthSpy. The compromised devices were found across Europe, India, Indonesia, the United States, the United Kingdom, and other regions.
Security Bug Exposes Victims’ Device Data
The security flaw in TheTruthSpy’s software stack allows for unfettered remote access to all the data collected from a victim’s Android device, including text messages, photos, call recordings, and real-time location data. Despite the discovery of the bug, the operators behind TheTruthSpy have not addressed the issue, leaving victims vulnerable to further compromise.
TheTruthSpy Linked to Vietnam-based Startup, 1Byte
Further investigations revealed that a Vietnam-based startup called 1Byte is behind TheTruthSpy. The operation made millions of dollars in proceeds by funneling customer payments into accounts set up under false American identities using forged documents. PayPal, Stripe, and U.S.-based web hosting companies have suspended the accounts and services associated with TheTruthSpy.
