"Hackers uncover new TheTruthSpy stalkerware victims: Is your Android device compromised?" 12 February 2024

A consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never fixed.

Now, two hacking groups have independently found the flaw that allows the mass access of victims’ stolen mobile device data directly from TheTruthSpy’s servers...

...The latest batch of data includes the Android device identifiers of every phone and tablet compromised by TheTruthSpy up to and including December 2023. The data shows TheTruthSpy continues to actively spy on large clusters of victims across Europe, India, Indonesia, the United States, the United Kingdom and elsewhere.

TechCrunch has added the latest unique identifiers — about 50,000 new Android devices — to our free spyware lookup tool that lets you check if your Android device was compromised by TheTruthSpy...The lookup tool looks for matches against a list of IMEI numbers and advertising IDs known to have been compromised by TheTruthSpy and its clone apps. TechCrunch also has a guide on how to remove TheTruthSpy spyware — if it is safe to do so...

...For a time, TheTruthSpy was one of the most prolific apps for facilitating secret mobile device surveillance.

TheTruthSpy is one of a fleet of near-identical Android spyware apps, including Copy9 and iSpyoo and others, which are stealthily planted on a person’s device by someone typically with knowledge of their passcode. These apps are called “stalkerware,” or “spouseware,” for their ability to illegally track and monitor people, often spouses, without their knowledge.

Apps like TheTruthSpy are designed to stay hidden on home screens, making these apps difficult to identify and remove, all the while continuously uploading the contents of a victim’s phone to a dashboard viewable by the abuser...

...TechCrunch later found that a Vietnam-based startup called 1Byte is behind TheTruthSpy. Our investigation found that 1Byte made millions of dollars over the years in proceeds from its spyware operation by funneling customer payments into Stripe and PayPal accounts set up under false American identities using fake U.S. passports, Social Security numbers and other forged documents...

...For as long as it remains online and operational, TheTruthSpy will threaten the security and privacy of its victims, past and present. Not just because of the spyware’s ability to invade a person’s digital life, but because TheTruthSpy cannot keep the data it steals from spilling onto the internet...