Latest news with #OmarSocaCharcov
Business Insider
26-07-2025
- Business
- Business Insider
Google (GOOGL) Shuts Down a Phone Spyware App that Was Operating on Its Servers
Tech giant Google (GOOGL) has shut down Catwatchful, a phone surveillance app that was secretly using the company's Firebase platform to store and operate its spyware. The move happened about a month after TechCrunch notified Google that Catwatchful was holding stolen data from thousands of hacked phones on Google's servers. Interestingly, Catwatchful targeted Android devices and disguised itself as a child-monitoring app. Unfortunately, it was often misused for stalking partners or other non-consensual surveillance. Elevate Your Investing Strategy: Take advantage of TipRanks Premium at 50% off! Unlock powerful investing tools, advanced data, and expert analyst insights to help you invest with confidence. To install the app, someone needed physical access to the target's phone, which was usually gained by knowing the passcode. Once installed, it hid itself from the home screen and quietly uploaded private messages, photos, location data, and more to a web dashboard controlled by the person who planted it. However, in June, TechCrunch discovered a major flaw in Catwatchful's systems that left its database wide open without requiring a password, thereby exposing sensitive information about both victims and paying customers. The exposed data included details from over 26,000 infected devices, along with more than 62,000 customer email addresses and plaintext passwords. It also identified the app's creator as Omar Soca Charcov, who is a developer based in Uruguay. Since there was no sign that Charcov planned to notify the affected users, TechCrunch shared the data with Have I Been Pwned, which is a site that warns people about breaches. It is worth noting that Catwatchful is now one of several spyware operations in recent years that have leaked sensitive information. Is Google Stock a Good Buy? Turning to Wall Street, analysts have a Strong Buy consensus rating on GOOGL stock based on 28 Buys and nine Holds assigned in the past three months. Furthermore, the average GOOGL price target of $215.11 per share implies 11.6% upside potential.
Tahawul Tech
07-07-2025
- Tahawul Tech
Catwatchful data breach exposes thousands in latest stalkerware scandal
Security flaw highlights the ongoing risks of consumer-grade spying apps—and the need for greater public awareness. A covert Android application called Catwatchful, marketed as an 'invisible' child-monitoring tool, has suffered a major data breach that laid bare the email addresses and plaintext passwords of more than 62,000 paying customers and leaked stolen data from at least 26,000 victims' phones. The discovery, first reported by TechCrunch and attributed to security researcher Eric Daigle, shows that Catwatchful's unauthenticated programming interface allowed anyone on the internet to query its entire user database. Most victims were located in Mexico, Colombia, India, Peru, Argentina, Ecuador and Bolivia. Catwatchful is best described as stalkerware: consumer spyware that must be installed manually on a target's handset and then operates in secret, siphoning off photos, messages, real-time location data and even live microphone and camera feeds to a web dashboard controlled by the perpetrator. Although such apps are banned from official app stores, their availability via third-party sites continues to fuel intimate-partner surveillance and other forms of tech-enabled abuse. The leaked database also exposed the identity of the app's administrator, Omar Soca Charcov, a developer based in Uruguay who has so far declined to comment on the breach. Catwatchful is at least the fifth stalkerware service this year to suffer a hacking-related data spill, underscoring a pattern of lax security across the industry and the double-edged privacy threat these tools pose to both victims and buyers. Kaspersky, which classifies Catwatchful as stalkerware and has been detecting it since 2018, says the incident is further evidence that users and policymakers must remain vigilant. Tatyana Shishkova, Lead Security Researcher at Kaspersky GReAT, offered the following rapid response: 'Stalkerware remains a global and serious problem, as confirmed by the recent reports on the Catwatchful app. While such products are typically marketed as legitimate parental control apps, they pose significant risks: they operate stealthily, being installed without a person's knowledge or consent, and provide a perpetrator with the means to secretly monitor the victim's most private information. Moreover, such apps, despite the developer's claims about security, pose privacy risks to the perpetrators themselves. There are frequent data leaks, as recent media reports confirm. Although it was reported that the app 'is invisible and undetectable on the phone', Kaspersky has been detecting Catwatchful as stalkerware since 2018. The 'Who's spying on me' functionality enables users of the Kaspersky app for Android with a dedicated notification when this stalkerware is detected. This case reinforces the need to continuously raise awareness about stalkerware and tech-enabled abuse, empowering individuals with the knowledge on how to protect both their digital and physical lives.' Why it matters Catwatchful's breach illustrates three persistent dangers: Victim exposure – Intimate data can be harvested without consent and then leak wholesale when attackers exploit poor security hygiene. Perpetrator risk – Buyers entrust their credentials and sometimes incriminating evidence to vendors whose safeguards are minimal. Policy gaps – Stalkerware occupies a grey zone in many jurisdictions, complicating enforcement and takedown efforts. Cyber-safety advocates, including the global Coalition Against Stalkerware, argue that the only sustainable fix is a combination of tougher regulation, stricter platform policing and wider public education on detecting and removing clandestine tracking apps. For Android users concerned about possible compromise, Kaspersky and other security vendors recommend running a reputable mobile security suite, checking for unfamiliar accessibility-service permissions and keeping devices updated with the latest patches. Victims of tech-facilitated abuse can also seek specialised support from local domestic-violence hotlines and digital-safety organisations.
