Data Leak from Spying Apps Cocospy and Spyic Exposes Personal Information of Millions of Users

Cybersecurity experts have uncovered a massive data leak in the tracking apps Cocospy and Spyic, linked to Chinese developers and affecting millions of users. These apps are designed to covertly monitor phones, are classified as stalkerware, and allow attackers to collect victims’ data – messages, photos, calls, and other information.

Image source: Kandinsky

Due to the identified bug, the personal data of millions of users, including the email addresses of those who installed these applications, became available in the public space. The researcher who identified the vulnerability collected 1.81 million email addresses of Cocospy users and 880 thousand addresses of Spyic users. According to TechCrunch, this data was transferred to Troy Hunt, the creator of the Have I Been Pwned service, where it was added to the leak database. In total, 2.65 million unique addresses were identified.

Stalkerware, including Cocospy and Spyic, is often sold as parental or corporate monitoring software, but is actually used to illegally spy on business partners and others. TechCrunch has found that both programs are linked to a Chinese app developer called 711.icu, whose website is now down. Cocospy and Spyic disguise themselves as system apps on Android, and transmit user data through Amazon Web Services and Cloudflare servers. Analysis of network traffic shows that the servers periodically respond to requests with messages in Chinese.

Installing such apps usually requires physical access to an Android device, often with knowledge of the device’s password. In the case of iPhones and iPads, stalkerware can access device data without physical access via Apple’s iCloud cloud storage, although this would require the use of stolen Apple credentials.

A method is proposed to determine the presence of these applications on the smartphone and remove them. On Android devices, Cocospy and Spyic can be detected by typing ✱✱001✱✱ on the phone keyboard. You can also find them directly through the system settings. iPhone and iPad users are advised to check the Apple ID settings, enable two-factor authentication and make sure that there is no unfamiliar data in the account. For Android, a useful function would be to activate Google Play Protect.

It is worth saying that any spy apps are prohibited in official app stores and require physical access to the device for installation. Installing such apps is illegal and entails legal consequences, as it violates personal privacy.