Google Took a Month to Shut Down Phone Spyware 'Catwatchful'

Google Suspends Phone Surveillance Operator Catwatchful

The account belonging to phone surveillance operator Catwatchful has been suspended by Google. This action was taken due to the company’s utilization of Google’s servers for hosting and running its monitoring software.

Spyware Operation Hosted on Firebase

Google’s decision to dismantle this spyware operation followed a month after TechCrunch brought to their attention that the operation was being hosted on Firebase, a developer platform offered by Google. Catwatchful was heavily reliant on Firebase for both hosting and storing the substantial volumes of data obtained from thousands of phones compromised by its spyware.

“An investigation into the reported Firebase operations has been completed, and accounts have been suspended as a result of violating our terms of service,” stated Google spokesperson Ed Fernandez in a communication with TechCrunch this week.

Delayed Response and Commercial Interests

When questioned by TechCrunch regarding the month-long delay in investigation and subsequent suspension, Google refrained from providing a specific explanation. However, the company’s terms of use explicitly prohibit the hosting of malicious software or spyware operations on its platforms. As a commercially driven entity, Google maintains a vested interest in retaining customers who contribute financially through service fees.

As of Friday, network traffic analysis conducted by TechCrunch indicates that Catwatchful is no longer operational and is not transmitting or receiving data.

Catwatchful: Android Spyware Disguised as a Child-Monitoring App

Catwatchful functioned as Android-specific spyware, marketed as a child-monitoring application designed to remain “undetectable” to the user. Similar to other applications of this nature, physical installation onto the target phone was required, typically necessitating prior knowledge of the device’s passcode.

These types of monitoring applications are frequently referred to as “stalkerware” or “spouseware” due to their common misuse in conducting non-consensual surveillance of spouses and romantic partners, an activity that is often illegal.

Upon installation, the application was engineered to remain concealed from the victim’s home screen. It then proceeded to upload the victim’s private messages, photographs, location data, and other sensitive information to a web dashboard accessible to the individual who installed the app.

Discovery of a Security Bug

TechCrunch initially became aware of Catwatchful in mid-June when security researcher Eric Daigle identified a security vulnerability exposing the spyware operation’s backend database.

This vulnerability permitted unrestricted access to the database, meaning no authentication credentials were required to view the contained data. The database held over 62,000 customer email addresses and passwords in plaintext, alongside records pertaining to 26,000 devices compromised by the spyware.

Identification of the Operator

The data also revealed the identity of the administrator behind the operation: Omar Soca Charcov, a developer based in Uruguay. TechCrunch reached out to Charcov to inquire about the security lapse and whether he intended to notify affected individuals of the breach. However, Charcov did not respond to the inquiry.

Data Breach Notification

Due to the lack of response from Charcov and the absence of any indication he would disclose the breach, TechCrunch provided a copy of the Catwatchful database to Have I Been Pwned, a data breach notification service.

Recurring Data Breaches in the Surveillance Industry

Catwatchful represents the latest in a growing number of surveillance operations that have experienced data breaches in recent years, largely attributable to inadequate coding practices and deficient cybersecurity measures. TechCrunch reports that this is the fifth spyware operation this year to suffer a data spill, adding to a list of over two-dozen known spyware operations since 2017 that have exposed their data repositories.

As previously reported, Android users can determine if the Catwatchful spyware is installed on their device, even if hidden, by dialing 543210 using the phone app’s keypad and initiating a call.

It is important to establish a safety plan before removing spyware from your phone.

Resources for Assistance

—

If you or someone you know requires assistance, the National Domestic Violence Hotline (1-800-799-7233) offers 24/7 free, confidential support to victims of domestic abuse and violence. In emergency situations, please call 911. The Coalition Against Stalkerware provides resources for individuals who suspect their phone has been compromised by spyware.