Google has suspended the Firebase account of Catwatchful, a spyware operation that used Google's servers to host and run its surveillance app. The app stealthily monitored thousands of phones. Catwatchful, disguised as a generic 'Settings' app, secretly harvested data, including text messages, photos, real-time location, and ambient audio.
The spyware, which required physical access to install, operated outside the Google Play Store. Once installed, it was virtually undetectable, employing a hidden backdoor code. A security flaw exposed Catwatchful's entire customer database, revealing over 62,000 email addresses and passwords. The breach also compromised the operation's administrator, exposing their identity. The majority of compromised devices were located in Mexico, Colombia, India, Peru, Argentina, Ecuador, and Bolivia.
Google has added new protections to detect Catwatchful with Play Protect, its built-in Android security scanner. Android users can check for Catwatchful by dialing a specific code in their phone app. The app's custom backend was vulnerable to SQL injection attacks.
Related Articles
Cloaked Adds AI Shield
Read more about Cloaked Adds AI Shield →
UK Grapples with Encryption
Read more about UK Grapples with Encryption →
AI Demands Data: Security?
Read more about AI Demands Data: Security? →
Confident Security Launches with CONFSEC
Read more about Confident Security Launches with CONFSEC →