When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device.
The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the target's device.
As you may have read many times before on our blog, some spyware companies have a surprisingly low standard of security.
A security researcher found an issue while using a trial version of pcTattleTale, noticing that the company uploaded the screenshots to an unsecured online database.
Last week another security researcher, Eric Daigle, found the company appears to have learned nothing from its previous security issue.
Daigle found that pcTattleTale's Application Programming Interface allows any attacker to access the most recent screen capture recorded from any device on which the spyware is installed.
Despite repeated warnings from Daigle and others, no improvements were made.
Yet another researcher found yet another bug in pcTattletale which allowed them to gain full access to the backend infrastructure.
This allowed them to deface the website and steal the AWS credentials which turned out to be the same for all devices.
Amazon has now locked pcTattletale's entire AWS infrastructure.
According to 2023 research from Malwarebytes, 62 percent of people in the United States and Canada admitted to monitoring their romantic partners online in one form or another, from looking through a spouse's or significant other's text messages, to tracking their location, to rifling through their search history, to even installing monitoring software onto their devices.
Given the low security of the apps available to home users, this is extremely concerning.
Installing monitoring software is not just a huge invasion of privacy, there is a big chance that it will backfire.
Malwarebytes, as one of the founding members of the Coalition Against Stalkerware, makes it a priority to detect and remove stalkerware-type apps from your device.
It is good to keep in mind however that by removing the stalkerware-type app you will alert the person spying on you that you know the app is there.
Because the apps install under a different name and hide themselves from the user, it can be hard to find and remove them.
Tap Scan now It may take a few minutes to scan your device.
On Windows machines Malwarebytes detects pcTattleTale as PUP.Optional.
Cybersecurity risks should never spread beyond a headline.
Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.
This Cyber News was published on www.malwarebytes.com. Publication date: Tue, 28 May 2024 21:13:07 +0000