

Months after we published our investigation uncovering the stalkerware operation, a source provided TechCrunch with tens of gigabytes of data dumped from the stalkerware's servers. The cache contains the stalkerware operation's core database, which includes detailed records on every Android device that was compromised by any of the stalkerware apps in TheTruthSpy's network since early 2019 (though some records date earlier) and what device data was stolen.

Given that victims had no idea that their device data was stolen, TechCrunch extracted every unique device identifier from the leaked database and built a lookup tool to allow anyone to check if their device was compromised by any of the stalkerware apps up to April 2022, which is when the data was dumped. You can check to see if your Android phone or tablet was compromised here.

TechCrunch has since analyzed the rest of the database. Using mapping software for geospatial analysis, we plotted hundreds of thousands of location data points from the database to understand its scale. Our analysis shows TheTruthSpy's network is enormous, with victims on every continent and in almost every country. But stalkerware like TheTruthSpy operates in a legal gray area that makes it difficult for authorities around the world to combat, despite the growing threat it poses to victims.

First, a word about the data. The database is about 34 gigabytes in size and consists of metadata, such as times and dates, as well as text-based content, like call logs, text messages and location data, even names of Wi-Fi networks that a device connected to and what was copied and pasted from the phone's clipboard, including passwords and two-factor authentication codes. The database did not contain media, images, videos or call recordings taken from victims' devices, but instead logged information about each file, such as when a photo or video was taken, and when calls were recorded and for how long, allowing us to determine how much content was exfiltrated from victims' devices and when. Each compromised device uploaded a varying amount of data depending on how long it was compromised and on available network coverage.

TechCrunch examined the data spanning March 4 to April 14, 2022, or six weeks of the most recent data stored in the database at the time it was leaked. It's possible that TheTruthSpy's servers only retain some data, such as call logs and location data, for a few weeks, but other content, like photos and text messages, for longer.

This map shows six weeks of cumulative location data plotted on a map of North America.

The location data is extremely granular and shows victims in major cities, urban hubs and traveling on major transport lines.

The database has about 360,000 unique device identifiers, including IMEI numbers for phones and advertising IDs for tablets.
