#AxisOfEasy 270: TechCrunch’s Analysis Of TheTruthSpy And The State Of Other Stalkerware Apps

Weekly Axis Of Easy #270

Last Week’s Quote was  “Imagination is more important than knowledge,”   by Einstein. Lots of correct answers but Jason got it first. 

This Week’s Quote:  “There is only one success to be able to live your life in your own way,” … by ? 

THE RULES:  No searching up the answer, must be posted at the bottom of this post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.

This is your easyDNS #AxisOfEasy Briefing for the week of October 31st, 2022, wherein our our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

In this issue:

  • TechCrunch’s Analysis of TheTruthSpy and the State of other Stalkerware Apps
  • Mark Sokolovsky, Alleged 26-year-old Behind Global “Raccoon InfoStealer” Malware, Charged by FBI
  • Project Texas: How TikTok Responds to Its First Big Crisis
  • New York Post headlines target politicians after being hacked
  • US agents accuse Huawei of obstruction of justice
  • Tracking your pandemic obedience
  • iPhone Zero-Day Threat

Elsewhere online

  • FOIA documents show that DHS agents monitored Twitter after the Roe decision
  • A more coordinated approach is needed to strengthen cybersecurity in K-12 schools, according to the GAO
  • The Ukrainian military is being targeted by unknown actors using RomCom RAT
  • Vulnerabilities in Atlassian software highlight the importance of cloud computing
  • The Turkish government arrests 11 journalists who work for pro-Kurdish media


TechCrunch’s Analysis of TheTruthSpy and the State of other Stalkerware Apps in the World Today

A recent cache of 34 GB of leaked data from various Stalkerware apps revealed the extent of a massive Stalkerware operation in the US and around the globe. Stalkerware apps such as TheTruthSpy, Copy9, and MxSpy were responsible for leaking the call logs, texts, and granular location data of their victims’ Android phones and tablets. These apps were manually installed to victims’ devices, where they stayed hidden on users’ home screens and continued to silently upload the device’s contents without the user’s knowledge or permission.

A source has provided TechCrunch with data that was dumped from these Stalkerware servers. TechCrunch has since built a lookup tool to allow anyone to check if their device was compromised by these Stalkerware apps. TechCrunch has also run a geospatial analysis of the most recent data stored in the database, spanning 6 weeks from March 4 to April 14, 2022.

Its findings report that about 9,400 new devices were compromised from March 4 to April 14, 2022. The database also stored 609k location data points in the same timeframe. These location points were extremely granular—it was possible to pinpoint victims’ locations down to their exact city, transportation hub, place of worship, and other sensitive locations. TheTruthSpy’s network, in particular, was massive, with victims in nearly every country across the globe. The United States ranked in first with the most location data points by volume, followed by India, Indonesia, Argentina, and the UK in that order.

TheTruthSpy database also stored 179k call recording files and 473k records of photos and videos from compromised phones during the 6-week timeframe. There was also evidence of data collected from children’s phones. Albeit concerning, Stalkerware like TheTruthSpy operates in a legal gray area. Though possession of Stalkerware is not currently illegal in itself, using it for wiretapping is. Most Stalkerware is sold covertly as child monitoring software but is often abused to spy on spouses and domestic partners. Unfortunately, thus far only a few stalkerware apps, like RetinaX and SpyFone, have faced penalties from regulators like the Federal Trade Commission (FTC) in the US.

Read: https://techcrunch.com/2022/10/26/inside-thetruthspy-stalkerware/


Mark Sokolovsky, Alleged 26-year-old Behind Global “Raccoon InfoStealer” Malware, Charged by FBI

Mark Sokolovsky, the 26-year-old Ukrainian hacker allegedly behind the “Raccoon InfoStealer” malware service, was arrested by Dutch law enforcement in March 2022 after the former left Ukraine. He is currently being held in the Netherlands awaiting extradition to the US.

Raccoon InfoStealer is a widely used information stealing malware, leased via cryptocurrency to cybercriminals at the rate of around 200 USD/month. According to the US Department of Justice, the program uses tactics “such as email phishing to install the malware onto the computers of unsuspecting victims.” Active since April 2019, there was a temporary shut down in services from March to June 2022 due to Sokolovsky’s arrest. Services have since been continued.

According to the FBI, the malware has successfully mined over 50 million forms of identification (including, but not limited to: credit card numbers, email addresses, and bank accounts) from victims all over the world. The FBI has launched the website raccoon.ic3[.]gov to allow victims to cross check if their email address is among the compromised.

This type of malware feeds the cybercrime ecosystem, harvesting valuable information and allowing cyber criminals to steal from innocent Americans and citizens around the world,” said U.S. Attorney Ashley C. Hoff.

Mark Sokolovsky faces:

  • One count of conspiracy to commit computer fraud (maximum penalty 5 years in prison),

  • One count of conspiracy to commit wire fraud and one count of conspiracy to commit money laundering (combined maximum penalty of 20 years), and

  • One count of aggravated identity theft (mandatory consecutive 2 years in prison)

Read: https://thehackernews.com/2022/10/us-charges-ukrainian-hacker-over-role.html


Project Texas: How TikTok Responds to Its First Big Crisis

During the end of the Trump administration, TikTok was regularly challenged with US bans and delisting from app stores amid concerns about espionage and China’s possible use of the app to push propaganda.

TikTok is being probed anew after being inactive throughout the Biden administration. Forbes reports that ByteDance’s program was used to surveil American residents, although the company denies any wrongdoing.

The article states Beijing’s Internal Audit and Risk Control Bureau planned the spying. TikTok denies the allegations, saying American user data is siloed from Chinese personnel and foreigners only have “as-needed” access to US location data.

Project Texas” kept US data away from Chinese databases to maintain a good relationship with the US government. ByteDance’s Internal Audit division is headquartered in Beijing and reports directly to CEO Rubo Liang.

Forbes does not name the individuals, their employers, or the purpose of the espionage. According to a TikTok representative, the app collects approximate location data to target ads, prevent fraud, and comply with local laws.

TikTok is currently negotiating the contract with the Treasury Department’s Committee on Foreign Investment in the United States (CFIUS). The CFIUS agreement evaluates TikTok’s security risks, namely whether it may be used to spy on Americans. Under the terms of this agreement, only “approved people” will have access to US TikTok user data.

The Project Texas initiative is critical because it reveals TikTok’s intent to localize US data and adhere to China’s cybersecurity rules. TikTok needs to offer a technical solution that shields US data from Chinese servers, even if it has the best intentions.

Even before the location data issue arose, the partnership was on the uncertain ground. CFIUS deliberations are still ongoing. TikTok said the Forbes report couldn’t be correct because the app doesn’t collect “precise” location data. Other writers pointed out that the service’s privacy policy says it can if the user grants permission.



New York Post headlines target politicians after being hacked

New York Post website and verified Twitter account were hacked on Thursday after offensive headlines and tweets targeted US politicians. The scathing headlines included references to New York City Mayor Eric Adams, Alexandria Ocasio-Cortez, NY Governor Kathy Hochul, Texas Governor Greg Abbott, and R-IL Rep. Adam Kinzinger, as well as US President Joe Biden and his son Hunter Biden.

There is currently no information about how the attackers gained control of the NY Post’s website and verified Twitter account. Nevertheless, the newspaper fired an employee for the incident and removed the vile and reprehensible content from its website and social media accounts.

The incident follows a similar breach in which a threat actor breached the content management system for Fast Company a month ago. The threat actor sent racist notifications to readers’ mobile devices.

Also in February, News Corp, New York Post’s owner, disclosed that it had been a victim of a “persistent” cyberattack. Several journalists and employees of News Corp were hacked, and their emails and documents were accessed.



US agents accuse Huawei of obstruction of justice

A new set of criminal charges has been announced by the US Department of Justice (DoJ) against Chinese nationals in three separate cases, including one in which two agents are accused of paying bribes to obtain inside information on the federal prosecution of Huawei.

The first case indicts two alleged intelligence officers, Dong He (aka Guochun He/Jacky He) and Zheng Wang (aka Zen Wang), for conspiring to steal information from the US Attorney’s Office in New York related to Huawei’s federal prosecution. If they’re caught, the two suspected intelligence officers could face a combined 60-year prison sentence.

The second case involved an attempt to capture a Chinese dissident who fled Beijing’s autocratic state under Beijing’s infamous Operation Fox Hunt strategy. According to the DoJ, the harassment campaign lasted several years, with a family member flying to the US to personally urge the victim to return to China. Only two of the seven Chinese citizens have been arrested.

The final case charges four Chinese nationals with recruiting professors at US universities to act as Chinese agents. They hoped to capture sensitive fingerprint technology and stop protests along the 2008 Olympic Games torch route.

Read: https://www.infosecurity-magazine.com/news/us-charges-chinese-agents-huawei/


Tracking your pandemic obedience

Rumors of daily phone tracking were true. Predictwise was harvesting data that came from tens of millions of phones. GPS tracked movements were given a Covid decree violation score. Over 350,000 “Covid concerned” Republican voters were exploited in swing states for their views when it came to the pandemic.

PredictWise, whose list of clients seems only to include democrat institutions, worked with the democratic national committee.  They openly explain the surveillance process on their website. Breach of data collecting is out of control. Compliance was equal to control and ultimately a gateway to more power.

Read: https://conventionofstates.com/news/whats-your-lockdown-violation-score-political-campaigns-tracked-your-pandemic-obedience


iPhone Zero-Day Threat

An anonymous researcher discovered a threat affecting Apple devices.

The details of how it works or what to look out for are scant, as usual, likely to minimize copycat hackers from jumping on an Apple Hackothon. What’s known is it affects the kernel code, so it can be used to execute remote commands, crashing or corrupting data on the device.

“According to Apple, the issue impacts:
iPhone 8 and later
iPad Pro (all models)
iPad Air 3rd generation and later
iPad 5th generation and later
iPad mini 5th generation and later
At time of writing, there is very little you can do other than fire up your Apple product and make your way to the updates section. There is no reason to panic, but no need to delay either.”

The article has step by step instructions on how you can update your device.

Read: https://www.malwarebytes.com/blog/news/2022/10/zero-day-threat-discovered-for-iphones-and-ipads.-update-your-devices-now


Elsewhere Online

FOIA documents show that DHS agents monitored Twitter after the Roe decision

A more coordinated approach is needed to strengthen cybersecurity in K-12 schools, according to the GAO

The Ukrainian military is being targeted by unknown actors using RomCom RAT

Vulnerabilities in Atlassian software highlight the importance of cloud computing

Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:






One thought on “#AxisOfEasy 270: TechCrunch’s Analysis Of TheTruthSpy And The State Of Other Stalkerware Apps

Leave a Reply

Your email address will not be published. Required fields are marked *