SpyHuman, a company from India that develops commercial Android spyware, has been hacked. During the hack, millions of phone calls and the content of intercepted SMS messages were stolen. SpyHuman sells an "Android Monitoring Solution" that can be used to track employees and children.
Through the spyware, that can only be installed with physical access to the device, it's possible to intercept phone calls, text messages and track the location of users through GPS. The "Android Monitoring Solution" can also be used to read WhatsApp and Facebook messages, view the browsing history, and the spyware has the option to enable the device's microphone remotely. All data is available through a dashboard that provides the employer, or parent, an overview with all kind of data from the 'target device'.
An attacker gained access to the database of the company. The database contained metadata of 440 million phone calls and the contents of intercepted SMS messages. The metadata of the phonecalls contains the phone numbers that were called or from which number the device was called. Also the duration of the call and the date and time of the call was amongst the stolen data.
SpyHuman has confirmed it's the victim of a hack. The company also states it has taken additional security measures to better protect its systems.
According to the website of Spyhuman, their app has been downloaded more than 500,000 times. Their Android app is not available through the Google Play store, but has to be manually installed bypassing Google's security checks. They offer a free subscription with basic features that is ad-supported. A premium subscription is ad-free, has more feature and is sold at $9.99.
