Cocospy Stalkerware Apps Shut Down After Data Breach

Stalkerware Apps Cocospy, Spyic, and Spyzie Cease Operation

Three phone surveillance applications – Cocospy, Spyic, and Spyzie – which were previously implicated in the monitoring of millions of individuals, have been taken offline.

Details of the Apps

These applications, while branded differently, functioned as virtually identical stalkerware. They granted unauthorized access to a target’s personal information. This included messages, photos, call history, and real-time location data, typically without the user’s awareness.

Designed for covert operation, these apps were engineered to remain hidden from the device’s home screen. This made detection by victims exceptionally difficult, while simultaneously providing continuous access to the phone’s contents for the person who installed the app.

Security Flaw and Data Exposure

A significant security vulnerability was identified in February. A security researcher revealed to TechCrunch that this flaw allowed unrestricted access to the personal data of any device with one of these apps installed.

The vulnerability also exposed the extent of the surveillance activities. It revealed the email addresses of all users who had registered for these spyware services with the intent of deploying them on another person’s phone.

The researcher leveraged this flaw to collect 3.2 million email addresses associated with Cocospy, Spyic, and Spyzie customers. These addresses were then submitted to Have I Been Pwned, a data breach notification website.

Current Status of the Apps

Following reports of the data breach, the stalkerware apps have stopped functioning. Their websites are no longer accessible, and their cloud storage, hosted on Amazon, has been deleted, as discovered by TechCrunch.

The reason for the shutdown of these surveillance operations remains unclear. Attempts to contact the operators for comment have been unsuccessful.

Pattern of Shutdowns

It is common for consumer-grade phone surveillance operations to cease operations – or rebrand – after a security breach or data leak. This is typically done to mitigate legal and reputational damage.

For example, LetMeSpy, a Polish-developed spyware, announced its “permanent shutdown” in August 2023 after a data breach compromised its servers. Similarly, U.S.-based pcTattletale went out of business in May 2024 following a hack and website defacement.

Broader Trend of Stalkerware Breaches

Cocospy, Spyic, and Spyzie represent the latest in a growing number of phone surveillance operations that have been compromised due to poor coding or inadequate security measures. TechCrunch reports that at least 25 stalkerware operations have experienced breaches since 2017.

At least 10 of these operations, including Cocospy, have shut down as a direct result of a breach.

Misuse and Legality

Phone-monitoring apps are often marketed as parental control or tracking software. However, they are frequently misused – or explicitly promoted – for spying on spouses or partners without their consent, an activity that is illegal.

Consequently, stalkerware apps are prohibited from app stores and are not permitted to advertise on search engines. Web hosting providers, such as Amazon, also claim to prohibit surveillance operations from utilizing their platforms.

Recommendations for Affected Individuals

Although these three apps are currently inactive, individuals who suspect they may have been targeted should take steps to remove any remaining spyware from their devices.

Detecting and Removing the Apps

On Android phones, you can attempt to detect Cocospy, Spyic, and Spyzie by entering ✱✱001✱✱ on your phone’s keypad and pressing the “call” button. This activates a backdoor feature that will display the hidden stalkerware apps if they are installed.

Once identified, the malicious app, typically labeled “System Service,” can be deleted from your device.

Resources for Help

If you or someone you know requires assistance, the National Domestic Violence Hotline (1-800-799-7233) offers 24/7 free, confidential support to victims of domestic abuse and violence. In emergency situations, please call 911. The Coalition Against Stalkerware provides resources for individuals who believe their phone has been compromised by spyware.