CatWatchful stalkerware breach reveals 62K customers, 26K victims – Cyber Tech
July 5, 2025
A CatWatchful Android stalkerware database was breached by a researcher last month, revealing the emails and passwords of thousands of customers.

CatWatchful, which markets itself as a service for parents to monitor their children, allows users to install a hidden app on their target's device and gain access to the target's photos, texts, calls, location data, camera, microphone and more.

Security researcher Eric Daigle investigated the service in June and summarized his findings in a blog post Wednesday. He found that the service transmitted user account data and victim surveillance data to both a Google Firebase instance and a database hosted on the domain "catwatchful[.]pink."

The latter was found to have a vulnerable endpoint, servicios.php, that accepts unauthenticated requests and does not sanitize input passed via the imei parameter.

Using sqlmap, Daigle confirmed that a non-blind UNION-based SQL injection leveraging the vulnerable parameter and endpoint could be used to retrieve the entire database from the catwatchful[.]pink server.

The exposed database listed, in plaintext, the login emails and passwords of CatWatchful's more than 62,000 customers, dating back to 2018. TechCrunch Security Editor Zack Whittaker, who helped Daigle contact Google and catwatchful[.]pink's hosting service, reported that the database also included phone data from about 26,000 of the stalkerware's victims.

The first entry in one of the database tables revealed CatWatchful's administrator to be a Uruguay-based developer named Omar Soca Charcov.
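The defect class behind the servicios.php finding, an unauthenticated endpoint that pastes the imei parameter straight into a SQL string, is easiest to see next to its fix. The following is an added example written for this article, not CatWatchful's code (which is PHP and has not been published); it uses Python with an in-memory SQLite database, and the table names, columns and sample rows are constructed stand-ins. It contrasts a string-built query with a lookup that first allow-lists the value as a 15-digit Luhn-checked IMEI and then passes it as a bound parameter.

```python
import re
import sqlite3

# Constructed sample data; these are not records from the breached database.
SAMPLE_USERS = [("alice@example.com", "hunter2"), ("bob@example.com", "letmein")]
SAMPLE_DEVICES = [
    ("490154203237518", "alice@example.com"),
    ("356938035643809", "bob@example.com"),
]


def build_db():
    """In-memory stand-in for a backend database (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT)")
    conn.execute("CREATE TABLE devices (imei TEXT, owner TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO devices VALUES (?, ?)", SAMPLE_DEVICES)
    return conn


def lookup_vulnerable(conn, imei):
    """Unsanitized parameter concatenated into SQL text: the defect class in the article.

    A UNION-based value in `imei` makes the query return rows from other tables,
    which is how an entire database can be read through a single endpoint.
    """
    sql = f"SELECT imei, owner FROM devices WHERE imei = '{imei}'"
    return conn.execute(sql).fetchall()


def is_valid_imei(value):
    """Strict allow-list check: 15 digits whose last digit is a Luhn check digit."""
    if not re.fullmatch(r"[0-9]{15}", value):
        return False
    total = 0
    for i, ch in enumerate(value):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the left is doubled (Luhn)
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def lookup_hardened(conn, imei):
    """Validate the shape first, then bind the value so the driver never parses it as SQL."""
    if not is_valid_imei(imei):
        return []
    return conn.execute(
        "SELECT imei, owner FROM devices WHERE imei = ?", (imei,)
    ).fetchall()


# Textbook UNION input (constructed) used only to contrast the two lookups.
UNION_INPUT = "' UNION SELECT email, password FROM users --"


def compare(value):
    """Return (vulnerable_rows, hardened_rows) for the same input value."""
    conn = build_db()
    return lookup_vulnerable(conn, value), lookup_hardened(conn, value)


if __name__ == "__main__":
    for v in ("490154203237518", UNION_INPUT):
        vuln, safe = compare(v)
        print(repr(v), "-> vulnerable:", vuln, "| hardened:", safe)
```

Against the UNION input, the string-built query returns the contents of the users table, while the hardened lookup rejects the value before any SQL runs and, even if the validation were skipped, the bound parameter would only ever match a device whose IMEI literally equals that string. Two further points from the article are not solved by this change alone: the endpoint also accepted requests without authentication, and the dump was damaging chiefly because passwords were stored in plaintext rather than hashed.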
Infected devices were found to be located largely in Mexico, India and several South American countries, including Colombia, Peru and Argentina.

After being contacted by Whittaker, Google added protection against CatWatchful to its Google Play Protect tool, meaning users will be alerted if the app is installed on their phone, and said it would investigate CatWatchful's Firebase instance, Daigle and Whittaker said.

The catwatchful[.]pink site was taken down by Hosting.com on June 25 but was replaced at the URL xng[.]vju[.]temporary[.]site the following day, and a web application firewall was added soon after to prevent further SQL injection, according to Daigle. The site is now hosted by HostGator, Whittaker reported.

Daigle's research also revealed a backdoor feature that allows anyone to find and remove the CatWatchful stalkerware by dialing 543210 in their Android phone app, but Whittaker's report noted that this could alert the person who installed it and should be done with a safety plan in mind.

CatWatchful is not the first mobile surveillance app to be breached this year. In March, a vulnerability in the now-defunct Cocospy, Spyic and Spyzie stalkerware apps exposed about 3.2 million customer email addresses along with sensitive data from victims' devices. The SpyX stalkerware operation was also breached last year, with nearly 2 million account records stolen.