A hacker has compromised the website of pcTattletale, a widespread spyware application found installed on the booking systems of various Wyndham hotels in the United States. Based on reports, the hacking campaign has exposed over a dozen archives containing database and source code data.
Its developers describe pcTattletale as employee and child monitoring software. This consumer-grade spyware has been leaking guest details and customer information acquired from the hotels’ check-in systems due to an API security bug.
Researchers identified the spyware on the hotels’ systems and published a blog post noting how the pcTattletale vulnerability allows them to access images taken by the malware on other computers.
The pcTattletale authors have yet to address the discoveries.
The investigation has allegedly reached the pcTattletale operators, but they have ignored the researchers’ attempts to contact them and have yet to provide a fix for the issue.
In a YouTube video from seven years ago, the pcTattletale developer labels it “Spy Software” when demonstrating its initial Android test version. The developer urges users to download a free trial and install it on a Windows Home PC to see how it works.
While the developer defines it as spy software, Microsoft classifies pcTattletale as a hostile program. Microsoft stated that it watches what a user does on their PC, usually by recording keystrokes or screen images, and attempts to steal sensitive and confidential information.
Still, the researchers’ attempts to contact the developers to fix the security bug were unsuccessful, and the vulnerability still provides access to sensitive information owned by the people tracked with the pcTattletale spyware.
While the security researcher provided limited information about this flaw, an entity initiated a hacking operation and defaced the spyware’s website, exposing 20 archives containing source code and data leaked from pcTattletale databases.
However, the hacker claims on the now-defaced website not to have used the flaw the researchers discovered. Instead, the hacker claims to have used a Python attack to acquire pcTattletale’s AWS credentials through its SOAP-based API, granting access to the spyware’s source code and databases.