Tech | Visa | Scholarship/School | Info Place

Spyware app pcTattletale hacked, its website defaced

US consumer spyware application pcTattletale has been hacked and its internal data posted to its own website, according to a hacker who claims responsibility for the intrusion.

The hackers posted a message on the pcTattletale website late Friday night, claiming to have hacked into a server operated by pcTattletale. The spyware maker’s website briefly contained links to files from its servers that appeared to include some of the victims’ stolen data. Given the victims’ private data has been compromised by the spyware, TechCrunch will not link to the site.

pcTattletale founder Bryan Fleming did not respond to an email seeking comment. It’s unclear if Fleming was able to receive the email due to the company’s ongoing outage.

The hackers did not reveal the specific motives for the intrusion. A few days ago, a security researcher said he found and reported a vulnerability in the spyware app itself that leaked screenshots of the device that was implanted with the app. The researcher, Eric Daigle, said he did not publish the specific details of the vulnerability because pcTattletale ignored the request to fix it.

The hackers who broke into and compromised pcTattletale’s website didn’t exploit the vulnerability Daigle found, but said pcTattletale’s servers could have been tricked into handing over the private keys to its Amazon Web Services account, giving it access to the spyware operation.

pcTattletale is a remote access application, often referred to as “stalkerware” because of its ability to track someone without their knowledge or consent, allowing the person who implanted the application to remotely view the target’s Android or Windows device and its data from anywhere in the world. pcTattletale says the application “runs invisibly in the background of the workstation and cannot be detected.” Spyware applications are stealthy in nature, making them difficult to identify and remove.

Earlier this week, TechCrunch revealed that pcTattletale was used to hack into the front desk check-in systems of multiple Wyndham hotels in the U.S., exfiltrating screenshots of guest details and customer information. Wyndham Hotels did not disclose whether it authorized or allowed its franchised hotels to use the spyware application on their systems.

This is the latest case of spyware makers losing control of the highly sensitive and personal data they collect from their targets’ devices. According to TechCrunch’s ongoing count, more than a dozen spyware and stalkerware companies have been hacked or otherwise had their victims’ private data leaked, some multiple times, in recent years.

The list of hacked spyware makers includes LetMeSpy, a spyware made by a Polish developer that was shut down in June 2023 after its systems were hacked and backend data was deleted; and TheTruthSpy, a mobile spyware created and operated by a Vietnamese developer that was hacked again in February.

Other spyware makers that have been hit by hackers include KidsGuard, Xnspy, Support King, Spyhide — and now pcTattletale.

#Spyware #app #pcTattletale #hacked #website #defaced

Leave a Reply

Your email address will not be published. Required fields are marked *