Security alert: 9 apps caught stealing personal data

By Kim Komando

February 23, 2022

© Roman Samborskyi | Dreamstime.com

Smartphones are so intertwined into our daily lives that if you misplace yours or it gets stolen, it will be more than just an inconvenience. Tap or click here to find your phone when it’s lost (even if the battery is dead).

Possibly thousands of photos, contacts and messages will be lost in the blink of an eye. The concerning aspect is that criminals don’t need to steal your physical phone. Malware has been used for years to swipe personal information, but that is only the tip of the iceberg.

A batch of spyware apps found in an official app store has vulnerabilities in their code that can expose personal data. Read on to see the list of bad apps so you can delete them ASAP.

Here’s the backstory

Spyware apps can be used to track children and make sure they are where they’re supposed to be at all times to help keep them safe. Of course, spyware apps can also be used maliciously to stalk people. It’s known as stalkerware in those situations.

Some use stalkerware to keep tabs on their spouse or ex. The stalker will download spyware onto the person’s phone they want to track, normally without their knowledge.

Beyond the expected risks of using spyware is a new threat discovered in a collection of Android apps found on the Google Play Store.

Over several months, TechCrunch investigated spyware apps and found a dangerous flaw in nine of them. The problem is the apps don’t adequately authenticate or authorize API requests. That means an unauthenticated, remote attacker can access personal information from any device with one of the spyware apps installed.

The apps have been downloaded more than 400,000 times in eight countries, including the U.S. All the apps in question appear to come from a company called 1Byte located in Vietnam.

Delete these data-exposing apps now

The investigation turned up nine almost identical apps from 1Byte that have the data-exposing flaw.

Here is a list of the flawed apps:

1. Copy9
2. MxSpy
3. TheTruthSpy
4. iSpyoo
5. SecondClone
6. TheSpyApp
7. ExactSpy
8. FoneTracker
9. GuestSpy

Once any of the apps are on your device, it will give cybercriminals access to view data that includes:

• Messages
• Contacts
• Location
• Photos
• Calling history

If you have any of the apps on the list, delete them immediately. Here is how to delete apps on your Android phone:

• Open the Google Play Store app on your phone.
• In the top-right corner, tap on your profile picture.
• Tap Manage apps & devices, then Manage.
• Go through the list of installed apps and look those on the list.
• Tap the name of the app you want to delete, then tap Uninstall.

Keep reading

FTC just banned a spyware app with 1M downloads – How to know if it’s on your phone

Phone hacked? Apple says it will alert you if your iPhone has spyware

Tags: Android, Apple, Apple iPhone, contacts, criminals, cybercriminals, Google Play Store, malware, messages, personal information, photos, smartphones, spyware, stalkerware, vulnerabilities