pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the target’s device.

What goes around comes around, you might say. As you may have read many times before on our blog, some spyware companies have a surprisingly low standard of security .

In 2021, we reported that “employee and child-monitoring” software vendor pcTattleTale hadn’t been very careful about securing the screenshots it sneakily took from its victims’ phones. A security researcher found an issue while using a trial version of pcTattleTale, noticing that the company uploaded the screenshots to an unsecured online database (meaning anyone could view the screenshots as they weren’t protected by any form of authentication—such as a user name and password).

Last week another security researcher, Eric Daigle, found the company appears to have learned nothing from its previous security issue. Daigle found that pcTattleTale’s Application Programming Interface (API) allows any attacker to access the most recent screen capture recorded from any device on which the spyware is installed. Despite repeated warnings from Daigle and others, no improvements were made.

Then, yet another researcher found yet another bug in pcTattletale which allowed them to gain full access to the backend infrastructure. This allowed them to deface the website and steal the AWS credentials which turned out to be the same for all devices. Amazon has now locked pcTattletale’s entire AWS infrastructure.

After a quick sweep, stalkerware researcher, Maia Crimew stated:

“pcTattletale currently holds over 17 terabytes of victim device screenshots (upwards of 300 million of them from over 10 thousand devices), with some of them dating back to 2018.”

According to 2023 research from Malwarebytes, 62 percent of people in the United States and Canada admitted to monitoring their romantic partners online in one form or another, from looking through a spouse’s or significant other’s text messages, to tracking their location, to rifling through their search history, to even installing monitoring software onto their devices.

Given the low security of the apps available to home users, this is extremely concerning. Installing monitoring software is not just a huge invasion of privacy, there is a big chance that it will backfire.

Removing stalkerware

Malwarebytes, as one of the founding members of the Coalition Against Stalkerware, makes it a priority to detect and remove stalkerware-type apps from your device. It is good to keep in mind however that by removing the stalkerware-type app you will alert the person spying on you that you know the app is there.

Because the apps install under a different name and hide themselves from the user, it can be hard to find and remove them. That is where Malwarebytes can help you.

  1. Open your Malwarebytes dashboard
  2. Tap Scan now
  3. It may take a few minutes to scan your device.

 If malware is detected you can act on it in the following ways:

  • Uninstall. The threat will be deleted from your device.
  • Ignore Always. The file detection will be added to the Allow List, and excluded from future scans. Legitimate files are sometimes detected as malware. We recommend reviewing scan results and adding files to Ignore Always that you know are safe and want to keep.
  • Ignore Once: A file has been detected as a threat, but you are not sure whether to add it to your Allow List or delete. This option will ignore the detection this time only. It will be detected as malware on your next scan.

On Windows machines Malwarebytes detects pcTattleTale as PUP.Optional.PCTattletale.


We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

https://blog.malwarebytes.com/feed/