Android Spyware Hacked, 76,000 Devices Wiped Off Servers
WebDetetive, a Portuguese-language spyware company, has had all of its victims’ devices wiped from its servers after being compromised by hackers. Its spyware had been used to infiltrate 76,000 Android phones across South America (especially within Brazil).
In a note to TechCrunch, the hackers described how they found and exploited several security vulnerabilities to access WebDetetive’s servers and user databases. By exploiting other flaws in the spyware company’s dashboard, they managed to steal every customer’s email address and delete victim devices from the spyware network.
A data dump stolen by the hackers, now in the hands of the nonprofit DDoSecrets, revealed that at the time of the breach, 76,794 devices had been compromised by WebDetetive. There were also 74,336 unique customer email addresses signed up with the service.
The spyware was primarily used to compromise Android phones across South America, with a significant number in Brazil. The app could only be "sideloaded" manually onto the target device, with major platforms like Google and Apple refusing to host such products.
WebDetetive, an offshoot of the better-known OwnSpy, advertised its ability to stealthily obtain text messages, call logs, phone call recordings, location data, and more.
Worryingly, WebDetetive's connections to OwnSpy suggest a broad ecosystem for these activities. Spyware companies like WebDetetive and OwnSpy operate in a murky legal environment, and as such, they are secretive about the real-world identities behind such unethical applications.
While WebDetetive's capabilities are alarming, spyware threats are unfortunately widespread. As we reported recently, even mainstream platforms like Google Play aren't immune — recent findings unveiled spyware apps threatening over a million users.