WebDetetive, a spyware app operating in Portuguese-speaking regions, has been used to compromise more than 76,000 Android devices across South America, most of them in Brazil. It has also recently become the latest phone spyware maker to suffer a security breach.
In a note left by the attackers, unidentified hackers described how they found and exploited security vulnerabilities in WebDetetive's infrastructure, compromised the company's servers and gained access to its user databases. By exploiting weaknesses in the spyware's web dashboard, which abusers use to view the data stolen from victims' phones, the hackers were able to pull every dashboard record, including customer email addresses.
The hackers also said their dashboard access let them delete victim devices from the spyware network outright. That severed the connection at the server level, so the compromised phones could no longer upload new data. The note gave their reason for doing so.
The cache of data scraped from the spyware's web dashboard, more than 1.5 gigabytes in size, did not include the content stolen from victims' phones. DDoSecrets, a nonprofit transparency collective, obtained the data and shared it for analysis.
The data showed that at the time of the breach WebDetetive had compromised 76,794 devices and held 74,336 unique customer email addresses. Because WebDetetive does not verify customer email addresses at sign-up, the address list says little about who its customers actually are.
The hackers' note gave neither their identity nor any contact details. The stolen data was nonetheless verified as authentic by matching a sample of device identifiers from the cache against a publicly accessible endpoint on WebDetetive's server.
WebDetetive is a type of spyware that is planted on a target's phone, typically by someone who knows the phone's passcode. Once installed, the app hides itself on the device, making it hard to detect and remove, and begins covertly uploading data from the victim's phone to remote servers, including messages, call logs, recordings, photos and real-time location.
Despite the broad access these spyware apps have to sensitive personal data, they are frequently riddled with coding flaws, which put the stolen data at further risk of exposure.
The origins of WebDetetive are murky. Its website names no owners or operators, but the app has ties to OwnSpy, another widely used phone spyware. Analysis of the WebDetetive app found it closely resembles OwnSpy's spyware, and links to OwnSpy's developer were identified, even though little is known about who administers WebDetetive.
WebDetetive is not the first spyware maker to suffer a destructive hack. A similar breach at LetMeSpy resulted in victims' data being exposed and then deleted from the spyware's servers.
Such destructive attacks are rare, but they raise safety concerns for spyware victims: these apps often alert the abuser when they are deactivated or removed from a victim's phone.
Victims, or anyone who suspects their phone may be compromised by spyware, can find help through resources such as those published by the Coalition Against Stalkerware.
If you suspect your device is affected by WebDetetive, you can try to remove it. Unlike most monitoring apps, WebDetetive and OwnSpy do not conceal their app icon; instead they masquerade as a Wi-Fi app. The app usually appears under the name "WiFi" with a white wireless icon in a blue circle on a white background. Long-pressing the icon reveals the app's real name, "Sistema." Bear in mind that, as noted above, removing the app may alert whoever installed it. It is also worth confirming that Google Play Protect is turned on, since it can help block malicious apps.