TheTruthSpy exposed: This spyware lookup tool tells you if your Android device was compromised
In February 2022, a TechCrunch investigation found that a number of consumer-grade spyware programmes, including TheTruthSpy, have a security flaw that exposes the private information of thousands of Android users.
According to our analysis, victims are located in nearly every country, with significant concentrations in the United States, Europe, Brazil, Indonesia, and India. Because the spyware is covert, however, most victims won’t know that their device has been compromised unless they know where to look.
Then, in June, a source gave TechCrunch access to a cache of documents taken from the servers of TheTruthSpy’s internal network.
The cache listed every Android device compromised by one of the spyware applications in TheTruthSpy’s network, including Copy9, MxSpy, iSpyoo, SecondClone, TheSpyApp, ExactSpy, GuestSpy, and FoneTracker. These applications differ in name but all connect to the same server infrastructure.
The list covers every device compromised up until April 2022, when the data is believed to have been stolen from the spyware’s internal network, and identifies each one by either its IMEI number or a unique advertising ID. TechCrunch confirmed the legitimacy of the list by matching it against known IMEIs from the burner and virtual devices we used in our research into the spyware network.
Using this database of infected devices, TechCrunch created a spyware search tool that you can use to see if TheTruthSpy applications have infected your Android smartphone and to find resources for uninstalling the malware.
How does the spyware lookup tool work?
It’s crucial to have a safety plan in place before you begin. Support and guidance for victims and survivors of stalkerware are available from the Coalition against Stalkerware and the National Network to End Domestic Violence.
Here is how to get started with the tool.
- Locate a device you are certain is secure, such as a friend’s phone or a computer at a public library.
- From that trusted device, visit this same web page.
- Use the lookup tool to enter the IMEI number or device advertising ID of the device you believe to be compromised. You may want to check both.
This is how you find them:
- Your phone’s IMEI number is a 14–15 digit number that is unique to your device. Dial *#06# on your phone’s dial pad and your IMEI number (also known as a MEID) should appear on the screen. On some phone models you may need to press the call button.
- You can find your device’s advertising ID under Settings > Google > Ads, though the location may differ on some Android versions. Advertising IDs may be any length, but are usually 16 or 32 characters long and include both letters and digits.
The tool may not recognise your device as compromised if you’ve recently reset, erased, or otherwise modified your advertising ID.
If the spyware lookup tool returns a “match,” the IMEI number or device advertising ID was found in the stolen list, and the corresponding device was compromised by one of TheTruthSpy’s spyware programmes on or before April 2022.
If you get a “probable match,” your IMEI number or device advertising ID matched a record in the list, but the entry may have included extraneous data such as the manufacturer of the device. This indicates that one of TheTruthSpy’s programmes most likely compromised the corresponding device, but you must verify this by looking for signs that the spyware is installed.
If “no match” is shown, there is no record for that device in the exposed list of compromised devices. This does not necessarily mean that the device is free of spyware. Your device may have been compromised after April 2022, or it may have been targeted by a different kind of spyware.
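An illustration of how the three results above can arise, as an added example that is not TechCrunch's code: the matching rules, the 14-character minimum input length and the sample list are assumptions constructed for this example. It also applies the standard Luhn check-digit test to 15-digit IMEIs, so a mistyped number is flagged instead of being reported as “no match”.

```python
import re

# Constructed entries standing in for the exposed device list; none are real.
SAMPLE_LIST = [
    "490154203237518",                        # bare IMEI
    "samsung 356938035643809",                # IMEI stored with a manufacturer name
    "38400000-8cf0-11bd-b23e-10b96e40000d",   # advertising ID
]

def normalize(identifier: str) -> str:
    """Lower-case and drop spaces/hyphens so formatting differences don't matter."""
    return re.sub(r"[\s\-]", "", identifier).lower()

def luhn_ok(imei: str) -> bool:
    """Luhn check-digit test for a 15-digit IMEI; catches single-digit typos."""
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def lookup(identifier: str, entries=SAMPLE_LIST) -> str:
    """Return 'match', 'probable match', 'no match' or 'invalid input'."""
    needle = normalize(identifier)
    # Assumption: refuse very short input so a fragment cannot match by accident.
    if len(needle) < 14:
        return "invalid input"
    if needle.isdigit() and len(needle) == 15 and not luhn_ok(needle):
        return "invalid input"
    result = "no match"
    for entry in entries:
        hay = normalize(entry)
        if hay == needle:
            return "match"                  # identifier is the whole entry
        if needle in hay:
            result = "probable match"       # entry carries extra data around it
    return result
```

A “no match” here has the same limits as described above: it only says the identifier is absent from the list being searched.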
What do I do now?
To find out whether an Android smartphone is currently compromised, you must look for signs that the spyware is installed. This article describes how to look for signs that your phone has been infected with spyware and how to get rid of it.
Because the spyware is designed to be covert, please be aware that removing it will probably alert the person who installed it, which might create a dangerous situation. The National Network to End Domestic Violence and the Coalition against Stalkerware both provide assistance, guidance, and resources for developing safety plans.
What does this tool for looking up spyware do?
You can use this lookup tool to check whether your Android smartphone was compromised by one of TheTruthSpy’s applications before April 2022.
A list of every hacked device’s IMEI number or unique device advertising ID was acquired by TechCrunch. A unique IMEI number is hardcoded into the hardware of every cellular-connected phone or tablet, while advertising IDs are baked into the software and are easily resettable by the user.
Once installed, the spyware sends one of the phone’s identifiers back to its servers, just as many other apps do for legitimate reasons like advertising, even though Google largely restricted developers’ access to IMEI numbers starting in 2019 in favour of the more user-controllable advertising IDs.
This lookup tool does not store submitted IMEI numbers or advertising IDs, so no information is shared or sold.
Why did TechCrunch create a tool to check for spyware?
The list does not contain enough information for TechCrunch to directly identify or contact the owners of specific devices. Even if it did, we couldn’t get in touch with the victims out of concern that doing so might also alert the person who installed the spyware and put everyone at risk.
Some of a person’s most private and sensitive information may be kept on their phone. Without their knowledge or permission, no member of civil society should ever be the target of such intrusive monitoring. By making this tool available, anybody can check whether this spyware has compromised their Android smartphone at a time and place where it is safe to do so.
The lookup tool cannot tell you whether your device is currently compromised. It can only tell you whether a device’s identifier matches one found in the exposed list, which suggests that the device was probably compromised before April 2022.
What is this malware capable of?
Consumer-grade spyware programmes are often marketed as child monitoring programmes, but they are also known as “stalkerware” or “spouseware” because of their capacity to track and monitor other people, including partners and spouses, without their permission.
Apps like TheTruthSpy are downloaded and installed by someone who has physical access to a person’s phone and are designed to remain hidden from home screens. Once installed, they silently and continuously upload call logs, text messages, photos, browsing histories, call recordings, and real-time location data from the phone without the owner’s knowledge.
What exactly is the security flaw?
The nine well-known spyware programmes in TheTruthSpy’s network share the same infrastructure and, because of poor coding, the same security flaw. The vulnerability, formally identified as CVE-2022-0732, is straightforward to exploit and gives anybody nearly unrestricted remote access to a victim’s device data.
With no expectation that the vulnerability will be fixed, TechCrunch revealed information about the network to help victims identify and remove the spyware, if it is safe to do so.
The legal matters
If you use our spyware lookup tool, TechCrunch will collect your IP address, IMEI number, and advertising ID for the sole purpose of helping you determine whether this spyware has compromised your device. IMEI numbers and advertising IDs are deleted once the lookup tool returns its results. They are not kept, sold, or shared with any third parties. IP addresses are stored only temporarily in order to limit automated queries. TechCrunch makes no assurances on the accuracy of the results and is not responsible for any loss or harm to your device or data. This tool is used at the user’s own risk.