Fresh stalkerware crop pops up on Google's Android Play Store, swiftly yanked offline

130,000 have already downloaded creepware


Seven new stalkerware apps have been spotted for sale on the Android Play Store, despite Google's policy against the invasive monitoring tools.

By stalkerware, we mean applications scumbags can install on their spouse's or partner's device, or dodgy bosses on staffers' handhelds, to silently track their whereabouts, web browsing, messaging, and other activities. It can also be installed on kids' gadgets by watchful parents.

The mobile research team at Avast Threatlabs told The Register on Wednesday it believes as many as 130,000 people already downloaded the Android tools, which allow snoops to quietly hoover up contacts, texts, and call histories, and other private details, from devices they are installed on.

As of yesterday morning, four of the surveillanceware applications had been taken down after Avast tipped off Google; the rest have since been pulled. The apps are being pitched under the names "Track Employees Check Work Phone Online Spy Free," "Spy Kids Tracker," "Phone Cell Tracker," "Mobile Tracking," "Spy Tracker," "SMS Tracker," and "Employee Work Spy."

The Avast team noted the programs are not being pitched outright as stalking tools, but rather as parental control or monitoring kit, perhaps helping them to sneak into the Play Store.

"These apps are highly unethical and problematic for people’s privacy and shouldn’t be on the Google Play Store, as they promote criminal behavior, and can be abused by employers, stalkers or abusive partners to spy on their victims," said Nikolaos Chrysaidos, Avast head of mobile threat intelligence and security.

After blitzing FlexiSpy, hackers declare war on all stalkerware makers: 'We're coming for you'

READ MORE

"Some of these apps are offered as parental control apps, but their descriptions draw a different picture, telling users the app allows them to ‘keep an eye on cheaters’."

For those who are able to get their hands on the creepware, the installation is a multi-step process.

Avast says that, first, the stalker must first install the setup app on the target's phone and configure it with the email address where the harvested data is to be sent. From there, a second payload is installed and hidden, after which the setup app is deleted and the software can run without the target's knowledge. To do this, the snooper has to get their hands on the phone unnoticed for at least a few minutes. Not difficult for a trusted employer or partner if a handheld is left lying around.

The Threatlabs team believes the apps are all the work of a Russian developer, as the apps dial back to a Russian server with an IP address previously associated with Russian domains.

The Chocolate Factory's developer policies strictly forbid stalkerware and other covert tracking tools, and once alerted Google is usually quick to remove offending apps.

Security software firms are also increasingly classifying such apps as malicious, thanks in part to a concerted campaign by Eva Galperin, the EFF's Director of Cybersecurity, and others. ®


Other stories you might like

  • I was fired for blowing the whistle on cult's status in Google unit, says contractor
    The internet giant, a doomsday religious sect, and a lawsuit in Silicon Valley

    A former Google video producer has sued the internet giant alleging he was unfairly fired for blowing the whistle on a religious sect that had all but taken over his business unit. 

    The lawsuit demands a jury trial and financial restitution for "religious discrimination, wrongful termination, retaliation and related causes of action." It alleges Peter Lubbers, director of the Google Developer Studio (GDS) film group in which 34-year-old plaintiff Kevin Lloyd worked, is not only a member of The Fellowship of Friends, the exec was influential in growing the studio into a team that, in essence, funneled money back to the fellowship.

    In his complaint [PDF], filed in a California Superior Court in Silicon Valley, Lloyd lays down a case that he was fired for expressing concerns over the fellowship's influence at Google, specifically in the GDS. When these concerns were reported to a manager, Lloyd was told to drop the issue or risk losing his job, it is claimed. 

    Continue reading
  • UK competition watchdog seeks to make mobile browsers, cloud gaming and payments more competitive
    Investigation could help end WebKit monoculture on iOS devices

    The United Kingdom's Competition and Markets Authority (CMA) on Friday said it intends to launch an investigation of Apple's and Google's market power with respect to mobile browsers and cloud gaming, and to take enforcement action against Google for its app store payment practices.

    "When it comes to how people use mobile phones, Apple and Google hold all the cards," said Andrea Coscelli, Chief Executive of the CMA, in a statement. "As good as many of their services and products are, their strong grip on mobile ecosystems allows them to shut out competitors, holding back the British tech sector and limiting choice."

    The decision to open a formal investigation follows the CMA's year-long study of the mobile ecosystem. The competition watchdog's findings have been published in a report that concludes Apple and Google have a duopoly that limits competition.

    Continue reading
  • End of the road for biz living off free G Suite legacy edition
    Firms accustomed to freebies miffed that web giant's largess doesn't last

    After offering free G Suite apps for more than a decade, Google next week plans to discontinue its legacy service – which hasn't been offered to new customers since 2012 – and force business users to transition to a paid subscription for the service's successor, Google Workspace.

    "For businesses, the G Suite legacy free edition will no longer be available after June 27, 2022," Google explains in its support document. "Your account will be automatically transitioned to a paid Google Workspace subscription where we continue to deliver new capabilities to help businesses transform the way they work."

    Small business owners who have relied on the G Suite legacy free edition aren't thrilled that they will have to pay for Workspace or migrate to a rival like Microsoft, which happens to be actively encouraging defectors. As noted by The New York Times on Monday, the approaching deadline has elicited complaints from small firms that bet on Google's cloud productivity apps in the 2006-2012 period and have enjoyed the lack of billing since then.

    Continue reading

Biting the hand that feeds IT © 1998–2022