Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A stalkerware manufacturer with multiple data leaks and violations now has a critical protection weakness that allows any user to take account and allow their victim to steal personal data, TechCrunch.
Independent Protection Researcher Swarang Wade has found weakness, which lets anyone reset the password of any user in the stallerware app Thetruthspy And many of its associates Android Spyware applications lead to hijacking any account on the platform. Giving the nature of the Throthpi, probably many of its customers are operating it without the consent of their goals, which is unknown to those who are being removed to someone else’s phone.
This basic error again shows that consumer spyware, such as thtrothpi manufacturers – and many contestants – cannot be trusted with data. These surveillance applications not only make illegal espionage easier, often by objectionable romantic partners, but they also have protected protection practices that reveal personal information of both the damaged and the miscreants.
Till today, the TechCrunch has counted At least 26 spyware operations that have been leaked, exposed or otherwise spread data In recent years. According to our calculations, it is at least the fourth protection laps that is involved with thruthspi.
The TechCranch Researcher has verified the weakness by providing the username of several test accounts. The researcher has changed the password to quickly accounts. Wade tried to contact the owner of thetruthpi to warn him about the error, but he didn’t get any response.
When contacted by TechCrunch, the director of the spyware operation Van (Verdi) Thiu said that the source code was “lost” and he could not fix the bug.
As a publication, weakness still exists and presents a significant risk to thousands of people whose phones are unknowingly believed to have been compromised by Thetruthspi’s spyware.
Risk to the general public, we are not describing the weakness in more detail so that the contaminated actors cannot be assisted.
A brief history of the many protection defects of thetruthpi
Thetruthspy is a spyware operation with roots that go about a decade back. For some time, the spyware network was one of the biggest known phone surveillance operations on the web.
Thetruthspy 1byte developed by software, Vietnam -based spyware maker Its director is directed by Thiu. Thetruthspy is a fleet of nearest-different Android spyware applications, including different branding Copy 9And since the degraded brands are ISPOs, MXSP and others. Spyware applications share the same back-end dashboards that Throthpi customers use to access the data of their victim’s stolen phone.
As this, thetruthspy’s protection bugs also affect the damage to the applications of the customer and any branded or WhiteLeabelled spyware, which depends on the underlying code of the Throthpi.
As part of the Stallerware industry investigation in 2021, TechCrunch found that there was a protection bug in Thetruthpi It is revealing personal data of 400,000 victims to anyone on the Internet. The exposed data included the maximum personal information of the victims, photos, call logs and their historical location data.
After TechCrunch, spyware revealed the internal tasks of the operation and got a cache of the files from Thetruthpi’s servers. File also contains a list of each android device compromised by one of the Thtruthspi or its associate applications. Although there is not enough information to identify each damage in the list of devices, it is allowed TechCrunch to create a spyware lookup tool to check any possible victim Whether they were found on the phone list.
Based on hundreds of leaked documents from the 1byte server sent to TechCranch, our next report has been released that Thetruthspy depends on a huge money-laundering operation It uses fake documents and false identities in skirt restrictions kept by a credit card processor in the spyware operation. This scheme gives Therutspie the opportunity to pay several million dollars of illegal customers in bank accounts in the world controlled by its operators.
At the end of 2023, the therthspi had another data violation, it revealed Another 50,000 new victim’s personal dataThe A copy of this data was sent to TechCrunch and we added the updated records to our searching equipment.
Thetruthspy, still publishing data, re -brand from phonepointal
As it stands, some of Thetruthpi’s operations have been wounded and other parts have been re -branded to avoid renowned investigation. Thetruthspi still exists today, and it has left the phone’s parental as a new spyware app called its buggy source code and most of the weak back-end dashboards.
Thiu has been involved in the ongoing facilities in addition to the development of phone-monitoring software.
According to the recent analysis of the current web-facing infrastructure using public internet records, the operation depends on a software stack built by Thiu that JFFramework (previously known As JEXPA Framework), Which depends on the thetruthspy and its other spyware applications to share data on its servers.
In an email, Thiu said he was rebuilding applications from scratch with a new phone-monitoring app called Mphoners.AP. The EAP application shows the Mphoners in a network analysis test edited by TechCrunch, depending on the Jefemwork for its back-end operations, the same system is the same system used by Thetruthspi.
There is an interpreter in TechCranch How to identify and remove stackerware From your phone
Like other stallerware operators, thruthspi remains threatening for victims whose phones have been compromised by its applications, not only because of highly sensitive data they steal, because these activities constantly prove that they cannot keep their victim’s data protected.
–
If you or someone you know requires help, National Domestic Violence Hotline (1-800-799-7233) provides the victims of domestic torture and violence 24/7 free, confidential assistance. If you are in an emergency situation please call 911. The Alliance against stalkerware If you think your phone is upset by spyware, there is resource.
