Facepalm: Stalkerware programs are frequently used to monitor, control, or track PC and mobile device users. These tools are employed with varying degrees of legitimacy by relatives or law enforcement agencies, but things go completely haywire when the company that makes them gets targeted by hackers.
Spytech Software, a Minnesota-based company that produces SpyAgent and similar programs, has been breached. TechCrunch was able to access a cache of files taken from Spytech’s servers by unknown hackers, and has exposed the company’s activities and the devices targeted by its stalkerware products.
Spytech has been providing monitoring software for concerned spouses and parents for over 24 years. The company states that its “award-winning” solution combines over 20 essential (and theoretically invisible) monitoring tools with cloud and email-based remote activity logs. With SpyAgent, the corporation claims, customers can record, see, and respond to everything happening on a computer.
Stalkerware programs are usually very effective at concealing their presence. According to data exfiltrated by the hackers, Spytech was able to infect various types of devices, including Android phones, Chromebooks, Mac systems, and PCs. The file cache includes data about more than 10,000 remotely controlled devices, with the earliest records dating back to 2013.
The devices compromised by Spytech programs had their entire activity saved in logs stored on the company’s servers. Most of these devices were Windows-based PCs, TechCrunch explains, and the activity logs didn’t use any form of encryption. When plotted on an offline mapping tool, the location data provided a clear picture of where the compromised devices were located around the world.
Most of the mobile, Android-based devices infected with Spytech tools were located in Europe and the US. Even Spytech executive Nathan Polencheck was among the compromised, though he likely installed his company’s monitoring software on his own phone. When contacted by TechCrunch, Polencheck said he had no knowledge of the breach. The exfiltrated data can seemingly reveal the precise location of his house in Red Wing, Minnesota.
So far, Spytech has made no public statement about the security incident. By all accounts, the company may be forced to notify customers who installed the stalkerware tools on people’s devices or even inform US federal authorities.
Another spyware manufacturer, pcTattletale, was breached earlier this year, but the company chose to shut everything down rather than provide any public notice about its activities or databases.