New Xnspy spyware app aimed against iPhone and Android users

December 22, 2022

Threat actors have been observed distributing a new spyware app, ‘Xnspy,’ aimed at unsuspecting iPhone and Android users. The malicious app is used to spy on the devices of spouses or domestic partners while posing as an app for monitoring children’s online activities.

Xnspy is one of the many spyware applications in the wild that are planted on a targeted person’s mobile device to stalk them or spy on their activities. The capabilities of such spyware apps include collecting call records, SMS, photos, location, voice recordings, and web browsing history. These capabilities give the stalker a complete picture of the victim’s activities and data.

Security researchers have identified vulnerabilities in many spyware apps, including Xnspy.

Based on an analysis, many spyware apps, including the new Xnspy, are riddled with vulnerabilities that could expose the data collected from victims’ mobile devices. One of the flaws found is that the app developers left private keys and credentials in the code, with broken or even missing encryption. This security flaw could allow other threat actors to access databases of stolen data and use it for malicious purposes.

For instance, security experts previously discovered a massive cache of data from the internal database of another spyware app called ‘TheTruthSpy.’ This finding enabled the researchers to notify thousands of compromised device owners.

Subsequently, the researchers found a similar case with Xnspy, which exposed a huge cache of victims’ data. According to their findings, the malicious app’s exposed database contained records on about 60,000 victims, with dates ranging from as far back as 2014 to as recent as 2022. Most of Xnspy’s victims were Android phone owners, and the rest were iPhone owners.

Because of Android’s looser security restrictions, it cannot be denied that spyware apps target more of its users than iPhone users. However, the stolen data from iPhone victims found in the exposed database included over 10,000 unique iCloud email addresses and passwords. With that said, Apple’s security against spyware apps still has room for further enhancement.

During their analysis, security researchers also identified the alleged developers of the Xnspy spyware: the evidence points to a small Pakistan-based development startup called ‘Konext.’ This finding comes from the discovered unencrypted database, which contained the names, email addresses, and passwords of registered Konext employees and developers who could exclusively access the internal systems of Xnspy.

Owners of Android and iPhone devices are advised not to download applications from third-party sources so that they do not fall victim to spyware apps. Additionally, when downloading an app from the official app stores, people must first read reviews from other users and research the app developer’s background.
