As reported by TechCrunch, the Spyhide stalkerware has been installed on 60,000 Android phones since 2016. Unlike malicious apps which send stolen data to hackers, Spyhide and other stalkerware apps steal sensitive data and send it back to spouses or other people looking to keep tabs on victims.
What makes stalkerware apps so dangerous is their ability to stay hidden on a compromised phone which makes them difficult to detect and uninstall. Once loaded onto an Android smartphone, Spyhide silently collects and uploads a victim’s contacts, messages, photos, call logs, recordings of their calls and even their location in real-time.
While Spyhide has been quietly collecting data on victims for years now, a Switzerland-based hacker has managed to gain access to part of the stalkerware’s development environment which has shed new light on this stalkerware.
The hacker Maia Arson Crimew was able to gain access to Spyhide’s back-end database by exploiting a vulnerability in the stalkerware’s dashboard and has detailed their findings in a new blog post.
The stalkerware’s database contains detailed records of 60,000 compromised Android devices including call logs, text messages and years of location history. Alongside this sensitive data, there’s also information about each file like when a photo or video was taken and uploaded by Spyhide.
According to TechCrunch’s analysis, Spyhide’s operations are worldwide. While there are only 3,100 compromised devices in the U.S., American victims are the most surveilled based on the fact that there are more than 100,000 location data points in the country alone.
At the same time, the stalkerware’s database also contains records on 750,000 users that signed up to gain access to Spyhide, likely with the intention of installing the stalkerware on someone else’s smartphone.
Additionally, the database includes 3.29 million text messages, 2FA codes, password reset links, over 1.2 million call logs, 312,00 call recording files, 925,000+ contact lists and records for 382,000 photos and images. Suffice it to say, Spyhide collects loads of personal data from its victims.
How to find and remove stalkerware from your Android smartphone
As stalkerware apps are designed to blend in with the other apps on your smartphone, finding them can be difficult unless you know what to look for.
For instance, Spyhide lurks on victims’ smartphones as either a Google-themed app called “Google Settings” with a cog icon or a ringtone app called “T.Ringtone” that has a music note for its icon.
If you have a lot of apps installed on your smartphone, Spyhide and other stalkerware apps become much more difficult to find and delete since they try to blend in with your other apps. However, if you go to the Settings menu on your Android phone, you can look through all of your installed apps for any that stand out or for ones that you don’t remember downloading. If you find any apps that meet these conditions, you should remove them from your smartphone by uninstalling them immediately.
To better detect and remove stalkerware apps like Spyhide, you can use one of the best Android antivirus apps as they look for malicious apps installed on your smartphone. If you’re on a tight budget, Google Play Protect also scans your existing apps and any new ones you download for malware.
Unfortunately stalkerware is likely to remain a problem on both Android and iOS as jealous spouses and others want an easy way to keep tabs on others. This is why you should never leave your phone unattended, and why you should secure it with biometrics like a fingerprint instead of a password or PIN which can be guessed.
More from Tom's Guide
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.