
A vulnerability in the widely used surveillance apps Cocospy and Spyic has compromised the personal data of millions of users. The flaw allows unauthorized access to messages, photos, call logs, and other sensitive information collected from infected devices. Additionally, the vulnerability exposes the email addresses of customers who registered for these services to install spyware on their victims’ phones.
Like other forms of spyware, Cocospy and Spyic operate covertly, transmitting user data to a remote monitoring panel. In most cases, smartphone owners remain unaware that their devices have been compromised. Despite repeated inquiries from journalists, representatives of Cocospy and Spyic have neither responded nor addressed the vulnerability.
Exploiting this flaw requires no advanced technical expertise, so specific details remain undisclosed to prevent further data breaches. However, the researcher who discovered the issue compiled a database of 2.65 million email addresses registered with Cocospy and Spyic and submitted it to the breach notification service Have I Been Pwned.
The origins of Cocospy and Spyic’s developers remain unclear, but an analysis of their infrastructure suggests potential ties to the Chinese company 711.icu. Research indicates that the applications disguise themselves as system software on Android devices and transmit collected data via Amazon Web Services (AWS). AWS has not commented on any potential actions regarding the spyware hosted on its servers.
Cocospy and Spyic are not available on official app stores and require physical access to a device for installation. In the case of iPhones, malicious actors may exploit stolen iCloud credentials to remotely harvest data.
Users are advised to review their installed applications and enable Google Play Protect to guard against potentially harmful software. iPhone users should inspect their iCloud settings and activate two-factor authentication to enhance account security.