A year after it was banned by the Federal Trade Commission, an infamous phone monitoring company is back in full force in all but name, a TechCrunch investigation reveals.
A landmark 2021 FTC order banned the stalkerware app SpyFone, its parent company Support King, and its CEO, Scott Zuckerman, from the surveillance industry. The order, which was unanimously approved by the regulator’s five sitting commissioners, also required Support King to delete the phone data it had illegally collected and to notify victims that the app had been covertly installed on their devices.
Stalkerware, or spouseware, is an app covertly planted by someone with physical access to an individual’s phone, often under the guise of family tracking or child monitoring. These apps collect the contents of the person’s phone, including text messages, photos, browsing history, and detailed location data.
But many stalkerware apps, like KidsGuard, TheTruthSpy and Xnspy, have security flaws that further compromise the phone data of thousands of individuals.
That also includes SpyFone. An unsecured cloud storage server exposed the personal data stolen from over 2,000 victims’ phones, which prompted the FTC to investigate and then ban Support King and its CEO, Zuckerman, from offering, distributing, promoting, or otherwise assisting in the sale of surveillance apps.
Since then, TechCrunch has received more data, including data from an internal server of a stalkerware app called SpyTrac, run by a developer associated with Support King.
Meet Aztec Labs
With over 1.3 million devices compromised, SpyTrac is one of the largest known active Android stalkerware operations, with three times or more the number of victims ensnared by TheTruthSpy. US visitors to SpyTrac’s website are blocked with an abrupt “Your country is not supported” message, despite the operation’s widespread international reach.
However, SpyTrac, like other stalkerware apps, has the ability to remain hidden on the victim’s device. SpyTrac’s website also fails to mention the individuals running the operation, potentially shielding the developers from the legal and reputational risks associated with running a stalkerware operation.
According to data reviewed by TechCrunch and other public records, SpyTrac is maintained by developers who work both at Support King and at Aztec Labs, a group of developers who build and maintain the SpyTrac stalkerware operation. Aztec Labs also maintains a nearly identical Spanish-language stalkerware app called Espía Móvil (meaning “Spy Mobile”) and another clone stalkerware app called StealthX Pro, the data shows.
Some of the data found on SpyTrac’s servers connects SpyTrac directly to Support King.
One of the server files contains a set of Amazon Web Services private keys that grant access to cloud storage associated with Support King and GovAssist, a website that claims to help immigrants obtain U.S. visas and permanent residency. The keys also allow access to the cloud storage of OneClickMonitor, a cloned stalkerware app that Support King shut down at the same time as SpyFone.
Both Support King and GovAssist are led by CEO Scott Zuckerman.
Reached by email, Zuckerman told TechCrunch: “We take this very seriously and comply with all provisions of the FTC Order.”
Access logs reviewed by TechCrunch show that at least two Aztec Labs developers logged into SpyTrac’s servers using different sets of credentials, but each from the same IP address. Both developers logged in from an IP address registered to a Bosnian home broadband provider, using credentials associated with Aztec Labs, SpyTrac, and Support King email addresses.
One of the developers is a technical lead at Aztec Labs, based in Sarajevo, according to LinkedIn. His other public freelance portfolio lists his work as a program manager at Support King, a role he describes as “managing the entire IT team.”
The technical lead and other SpyTrac developers also work on Zuckerman’s latest venture, GovAssist, according to their LinkedIn profiles and other work portfolios.
The access logs also show a third developer, also from a home IP address in Sarajevo, logging into SpyTrac’s servers using various sets of credentials associated with email addresses for Support King, Aztec Labs, and GovAssist.
Zuckerman told TechCrunch: “[the technical lead, who] worked as an independent contractor for Support King from June 2019 to October 2021. I also cannot access SpyTrac’s servers.”
SpyFone connection
SpyFone, a stalkerware app banned by the FTC in September 2021, no longer works.
The internal SpyTrac data shows that SpyFone issued its last customer license days before it was banned by the FTC. SpyFone’s domain name was sold to another phone monitoring maker, SpyPhone. Customers who tried to log into SpyFone’s web dashboard, which is used to access the victim’s stolen data, were instead redirected to SpyPhone’s website.
The FTC’s 2021 order also required Support King to delete data illegally collected from SpyFone. However, the internal SpyTrac data reviewed by TechCrunch still contains thousands of records relating to SpyFone licenses, each assigned to the email address of the purchasing customer.
The data showed that all SpyFone licenses were sold by resellers with a Support King email address.
SpyTrac also caught the attention of security researchers Vangelis Stykas and Felipe Solferini, whose months-long research identified common and easy-to-find security flaws in several stalkerware families, including SpyTrac. For their findings, which they presented at BSides London this month, the researchers decompiled the apps and mapped the server infrastructure using public internet data. Their evidence also links SpyTrac to Support King.
In response, Zuckerman said, “Support King has deleted all data in servers connected to customers of SpyFone and OneClickMonitor in accordance with FTC orders.”
Shortly after TechCrunch reached out to Zuckerman for comment, SpyTrac’s website went offline with a “Product Temporarily Unavailable” message. The websites for SpyTrac’s clone stalkerware app, StealthX Pro, and its Spanish-language clone Espía Móvil have also gone offline. The Aztec Labs website has also stopped loading.
Stalkerware is a difficult problem to deal with. These operations are secret by design, making it difficult for regulators to investigate or know who is under their jurisdiction.
In 2020, the FTC took its first-ever action against a stalkerware operator, Retina-X. Retina-X was hacked several times and then shut down. The FTC’s second action was against Support King a year later.
Companies that violate FTC orders can face significant civil penalties. Earlier this year, Twitter was ordered to pay $150 million for violating an FTC order from 2011.
Instead, much of the effort against stalkerware and other commercial surveillance has been picked up by the tech industry, such as device makers Apple and Google, which have banned stalkerware apps. In 2020, Google also banned ads in search results that promote stalkerware. Anti-malware providers who are members of the Coalition Against Stalkerware, which was launched in 2019 to help stalkerware victims and survivors, share the signatures of known stalkerware apps and networks with one another so that they can be blocked from working on the phone.
A former FTC attorney who reviewed our findings before publication told TechCrunch that the evidence points to possible violations of the FTC’s prohibition. Ultimately the FTC will make the decision.
An FTC spokeswoman declined to comment when contacted.
If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. For emergencies, call 911. The Coalition Against Stalkerware also has resources if you think your phone is infected with spyware. You can reach this reporter on Signal and WhatsApp at +1 646-755-8849 or by email at zack.whittaker@techcrunch.com.