Google took a month to shut down Catwatchful, a phone spyware operation hosted on its servers

Google has recently taken action to disable Catwatchful, a phone surveillance operation that was utilizing the tech giant's servers to run its monitoring software. This decision comes after TechCrunch alerted Google about the spyware's activities on Firebase, a platform designed for developers. Catwatchful was leveraging Firebase to manage and store massive quantities of data extracted from thousands of compromised devices. In communication with TechCrunch, Google spokesperson Ed Fernandez confirmed, "We’ve investigated these reported Firebase operations and suspended them for violating our terms of service." However, the company did not elaborate on the reason for the month-long delay in shutting down the operation's Firebase account. Google's terms explicitly prohibit the hosting of malicious software or spyware on its infrastructure. As of Friday, Catwatchful has ceased operations and is no longer transmitting or receiving data, as confirmed by a network traffic analysis conducted by TechCrunch. This spyware, aimed at Android devices, masqueraded as a child monitoring application, claiming to be 'undetectable' to users. Like similar spyware, Catwatchful required physical installation on the target's phone, typically needing prior knowledge of the device's passcode. Such applications are often categorized as 'stalkerware' due to their use in unauthorized surveillance of spouses and partners, which is illegal. Once deployed, the app concealed itself from the victim’s home screen and collected sensitive information, including private messages, photos, and location data, which were then uploaded to a dashboard accessible by the individual who installed the app. TechCrunch first uncovered Catwatchful's existence in mid-June when security researcher Eric Daigle identified a vulnerability that exposed the spyware's back-end database. This flaw allowed unauthorized access, revealing over 62,000 customer email addresses and plaintext passwords, along with records of 26,000 victim devices. The breach also identified the operation's administrator, Omar Soca Charcov, a developer based in Uruguay. When approached for comment about the security breach, Charcov did not respond. Without confirmation that he would notify affected individuals, TechCrunch shared details of the Catwatchful database with the data breach notification service Have I Been Pwned. Catwatchful joins a troubling trend of surveillance operations that have faced data breaches due to poor coding and weak cybersecurity measures. This incident marks the fifth spyware operation this year alone to have compromised user data, contributing to a concerning pattern of breaches among over two dozen spyware operations since 2017. For Android users suspicious that Catwatchful spyware may be installed on their devices, dialing 543210 on the phone's keypad can help reveal its presence, even if hidden. It’s crucial to have a safety plan in place before attempting to remove any spyware. For support, the National Domestic Violence Hotline (1-800-799-7233) offers 24/7 confidential assistance to victims of domestic abuse. If you’re in immediate danger, please contact emergency services.