Spyhide Spyware App Compromised 60,000 Android Devices

Spyhide, an Android spyware app developed in Iran, has silently collected private phone data from tens of thousands of Android devices worldwide. Operating as stalkerware, it discreetly installs on victims' phones, remaining hidden on the home screen to avoid detection and removal. Once installed, Spyhide uploads messages, contacts, photos, recordings, call logs, and real-time location data.

The exposure of Spyhide's development environment came to light when a hacker known as maia arson crimew accessed the source code of a web-based dashboard used by abusers to view pilfered data. Crimew managed to access the back-end databases, providing valuable insights into the spyware operation and its suspected administrators.

Detailed records of about 60,000 compromised Android devices from 2016 until mid-July 2023 were discovered. TechCrunch's analysis showed that Spyhide's surveillance network spans every continent, including clusters of victims in Europe and Brazil and over 3,100 compromised devices in the US.

Within the compromised data, there were approximately 3.29 million text messages, some containing sensitive security information such as two-factor authentication codes and password reset links. It also encompassed over 1.2 million call logs, disclosing the phone numbers of the receiver, the duration of the calls, and around 312,000 call recordings. Disturbingly, the records also encompassed details of approximately 6,000 ambient recordings captured through the victims' phone microphones.

Stalkerware apps, such as Spyhide, are not uncommon, but they often come with flaws that inadvertently expose victims' stolen data. A recent incident involved the LetMeSpy app, which experienced a security breach last month.

Users are advised to check for hidden spyware apps via the apps menu within their phone settings. Spyhide disguises itself as a Google-themed app named "Google Settings," complete with a cog icon, or as a ringtone app titled "T.Ringtone," featuring a musical note icon. Enabling Google Play Protect can also provide some protection against malicious Android apps.

The discovery of Spyhide underscores the ongoing concern surrounding stalkerware and emphasizes the significance of safeguarding against unauthorized surveillance on Android devices. Users are encouraged to remain vigilant and adopt preventive measures to protect their privacy and personal data from malicious applications.