A consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never fixed.
Now, two hacking groups have independently found the flaw that allows the mass access of victims’ stolen mobile device data directly from TheTruthSpy’s servers. Switzerland-based hacker maia arson crimew said in a blog post that the hacking groups SiegedSec and ByteMeCrew identified and exploited the flaw in December 2023.
Read more…
Source: TechCrunch