This Android stalkerware app has infected 60,000 devices — is it on your phone?


Tens of thousands of the best Android phones are infected with a stalkerware app that secretly collects private data from them.

As reported by TechCrunch, the Spyhide stalkerware has been installed on 60,000 Android phones since 2016. Unlike malicious apps which send stolen data to hackers, Spyhide and other stalkerware apps steal sensitive data and send it back to spouses or other people looking to keep tabs on victims.

What makes stalkerware apps so dangerous is their ability to stay hidden on a compromised phone, which makes them difficult to detect and uninstall. Once loaded onto an Android smartphone, Spyhide silently collects and uploads a victim’s contacts, messages, photos, call logs, recordings of their calls and even their location in real time.

While Spyhide has been quietly collecting data on victims for years now, a Switzerland-based hacker has managed to gain access to part of the stalkerware’s development environment, which has shed new light on this stalkerware.

Spyhide stalkerware

The hacker Maia Arson Crimew was able to gain access to Spyhide’s back-end database by exploiting a vulnerability in the stalkerware’s dashboard and has detailed their findings in a new blog post.

The stalkerware’s database contains detailed records of 60,000 compromised Android devices including call logs, text messages and years of location history. Alongside this sensitive data, there’s also information about each file like when a photo or video was taken and uploaded by Spyhide.

According to TechCrunch’s analysis, Spyhide’s operations are worldwide. While there are only 3,100 compromised devices in the U.S., American victims are the most surveilled based on the fact that there are more than 100,000 location data points in the country alone.

At the same time, the stalkerware’s database also contains records on 750,000 users that signed up to gain access to Spyhide, likely with the intention of installing the stalkerware on someone else’s smartphone. 

Additionally, the database includes 3.29 million text messages, 2FA codes, password reset links, over 1.2 million call logs, 312,000 call recording files, 925,000+ contact lists and records for 382,000 photos and images. Suffice it to say, Spyhide collects loads of personal data from its victims.

How to find and remove stalkerware from your Android smartphone


As stalkerware apps are designed to blend in with the other apps on your smartphone, finding them can be difficult unless you know what to look for.

For instance, Spyhide lurks on victims’ smartphones as either a Google-themed app called “Google Settings” with a cog icon or a ringtone app called “T.Ringtone” that has a music note for its icon. 

If you have a lot of apps installed on your smartphone, Spyhide and other stalkerware apps become much more difficult to find and delete since they try to blend in with your other apps. However, if you go to the Settings menu on your Android phone, you can look through all of your installed apps for any that stand out or for ones that you don’t remember downloading. If you find any apps that meet these conditions, you should remove them from your smartphone by uninstalling them immediately.

To better detect and remove stalkerware apps like Spyhide, you can use one of the best Android antivirus apps as they look for malicious apps installed on your smartphone. If you’re on a tight budget, Google Play Protect also scans your existing apps and any new ones you download for malware.

Unfortunately, stalkerware is likely to remain a problem on both Android and iOS as jealous spouses and others want an easy way to keep tabs on others. This is why you should never leave your phone unattended, and why you should secure it with biometrics like a fingerprint instead of a password or PIN, which can be guessed.


Anthony Spadafora
Senior Editor Security and Networking
