A security flaw in the Android spyware Catwatchful exposed over 62,000 user credentials and detailed personal information through a vulnerable Firebase database. The spyware, disguised as parental control software, offers real-time monitoring but was found to be vulnerable to SQL Injection attacks. #Catwatchful #FirebaseVulnerability
Keypoints
- Catwatchful operates as undetectable spyware disguised as parental control software on Android devices.
- The spyware gathers real-time data including camera, microphone, and location access from victimsβ phones.
- Security researcher Eric Daigle discovered a SQL Injection flaw that exposed over 62,000 accounts and personal details.
- The personal information vulnerability allows attackers to hijack user accounts and access sensitive data.
- Google has responded by enhancing protections and suspending the API hosting the spywareβs database.
Read More: https://www.securityweek.com/undetectable-android-spyware-backfires-leaks-62000-user-logins/