Limited distribution: SpyHide (100 GB)
Files from the Iranian stalkerware company that compromised 60,000 Android devices around the world since 2016
The SpyHide data includes source code and user data for the Android spyware software covering the years since the company’s founding in 2016, through to mid-July 2023.
Although SpyHide's software was made in Iran and the servers were hosted by Hetzner in Germany, TechCrunch's analysis of the data identified at least 750,000 users, who collectively had about 60,000 victims from every continent. Many users who downloaded the app and set up initial accounts never installed the spyware on any victims’ devices. The spyware is marketed to people concerned about a cheating partner or spouse. Indeed, some users were spying on only one invidual using the spyware, but according to TechCrunch, “there were 4,000 users were in control of more than one compromised device.” A smaller number of SpyHide power users were tracking dozens of hacked devices at the same time.
The source maia arson crimew reported:
Some of the users (operators) have multiple devices connected to their account, with some having as much as 30 devices they’ve been watching over a course of multiple years … (I) searched the email address and email domain list for interesting email addresses … There are at least 190 users who have signed up with various government email addresses, at least 16 of which are US goverment addresses (there is even some .mil ones in there this time), many of which were correctional officers.
Arson crimew also found SpyHide user accounts from the Brazil and Phillipines departments of Education, and from the Colombian National Police.
TechCrunch, who reviewed the dataset under embargo, reported:
The data also included 3.29 million text messages containing highly personal information, such as two-factor codes and password reset links; more than 1.2 million call logs containing the phone numbers of the receiver and the length of the call, plus about 312,000 call recording files; more than 925,000 contact lists containing names and phone numbers; and records for 382,000 photos and images. The data also had details on close to 6,000 ambient recordings stealthily recorded from the microphone from the victim’s phone.
Due to the sensitive and personal nature of the data, this collection is in our limited distribution section. Researchers and journalists can open a ticket in our request system to access data from the limited distribution collections.
Distributed Denial of Secrets is a 501c3 registered non-profit. Your donations help us to continue to publish.