Support King, banned by FTC, linked to new stalkerware operation - TechCrunch

A year after it was banned by the Federal Trade Commission, a notorious phone surveillance company is back in all but name, a TechCrunch investigation has found.

A groundbreaking FTC order in 2021 banned the stalkerware app SpyFone, its parent company Support King, and its chief executive Scott Zuckerman from the surveillance industry. The order, unanimously approved by the regulator’s five sitting commissioners, also demanded that Support King delete the phone data it illegally collected and notify victims that its app was secretly installed on their device.

Stalkerware, or spouseware, are apps that are surreptitiously planted by someone with physical access to a person’s phone, often under the guise of family tracking or child monitoring. These apps are designed to stay hidden from home screens, all the while silently uploading the contents of a person’s phone, including their text messages, photos, browsing history, and granular location data.

But many stalkerware apps, like KidsGuard, TheTruthSpy and Xnspy, have security flaws that put thousands of people’s personal phone data at risk of further compromise.

That also includes SpyFone, whose unsecured cloud storage server spilled the personal data stolen from more than 2,000 victims’ phones, prompting the FTC to investigate and subsequently ban Support King and its CEO Zuckerman from offering, distributing, promoting, or otherwise assisting in the sale of surveillance apps.

Since then, TechCrunch has received further tranches of data, including from the internal servers of a stalkerware app called SpyTrac, which is run by developers with ties to Support King.

Meet Aztec Labs

With more than 1.3 million compromised devices, SpyTrac is one of the biggest known active Android stalkerware operations, surpassing the number of victims ensnared by TheTruthSpy more than threefold. Despite its huge global reach, U.S. visitors to SpyTrac’s website are blocked with an abrupt message stating that “your country is not supported.”

But SpyTrac is like any other stalkerware app, including its ability to stay hidden on a victim’s device. SpyTrac’s website also makes no mention of the individuals running the operation, likely to shield the developers from legal and reputational risks associated with running a stalkerware operation.

According to the data and other public records seen by TechCrunch, SpyTrac is managed by developers who work for both Support King and an outfit of developers called Aztec Labs, which builds and maintains the SpyTrac stalkerware operation. Aztec Labs also maintains a near-identical Spanish-language stalkerware app called Espía Móvil (which translates to “spy mobile”), and another clone stalkerware app called StealthX Pro, the data shows.

Some of the data found on SpyTrac’s server directly connects SpyTrac to Support King.

One of the server files contained a set of Amazon Web Services private keys that allow access to cloud storage associated with Support King and GovAssist, a website that claims to help immigrants get U.S. visas and permanent residency permits. The keys also allow access to cloud storage for OneClickMonitor, a clone stalkerware app that Support King shut down at the same time as SpyFone.

Both Support King and GovAssist are headed by chief executive Scott Zuckerman.

When reached by email, Zuckerman told TechCrunch: “We are investigating your claims that SpyTrac internal data was storing AWS keys that may be connected to S3 buckets relating to Support King, GovAssist, and OneClickMonitor. We take this very seriously and will comply with all provisions of the FTC Order.”

A redacted screenshot from a SpyTrac video, which references SpyFone, a Support King surveillance app banned by the FTC a year earlier. Image Credits: TechCrunch (screenshot)

Access logs seen by TechCrunch show at least two Aztec Labs developers logging in to SpyTrac’s servers using different sets of credentials, but all from the same IP addresses. Both of the developers logged in from IP addresses registered to a Bosnian residential broadband provider using credentials associated with Aztec Labs, SpyTrac, and Support King email addresses.

One of the developers is Aztec Labs’ technical lead, whose LinkedIn says he is based in Sarajevo. His other public freelance portfolios list his work as a program manager at Support King, a role that he describes as “managing the full IT team.”

According to LinkedIn profiles and other work portfolios, the technical lead and other SpyTrac developers also work on Zuckerman’s latest venture, GovAssist.

The access logs also show a third developer logging in to SpyTrac’s servers, also from their home IP address in Sarajevo, using different sets of credentials associated with Support King, Aztec Labs, and GovAssist email addresses.

In response, Zuckerman told TechCrunch: “Neither I, nor any of my businesses, are affiliated with Aztec Labs, SpyTrac, or [the technical lead, who] worked as an independent contractor for Support King between June 2019 and October 2021. Nor do we have access to SpyTrac’s servers.”

The SpyFone connection

SpyFone, the stalkerware app banned by the FTC in September 2021, no longer operates.

The internal SpyTrac data we have seen shows that SpyFone issued its last customer license just days before it was banned by the FTC. SpyFone’s domain name was sold to another phone surveillance maker, SpyPhone. Customers trying to log in to SpyFone’s web dashboard, used for accessing a victim’s stolen data, were redirected to SpyPhone’s website instead.

The FTC’s 2021 order also demanded that Support King delete the data it had illegally collected from SpyFone. But the internal SpyTrac data seen by TechCrunch still contains thousands of records associated with SpyFone licenses assigned to the email addresses of buying customers.

Every SpyFone license was sold by a reseller with a Support King email address, the data showed.

SpyTrac also came to the attention of security researchers Vangelis Stykas and Felipe Solferini, whose months-long investigation identified common and easy-to-find security flaws in several stalkerware families, including SpyTrac. Their findings, which they presented at BSides London this month, involved decompiling the apps and mapping out their server infrastructure using public internet data. Their evidence links SpyTrac to Support King.

Zuckerman said in response: “Support King deleted all data in its servers connected with SpyFone and OneClickMonitor customers pursuant to the FTC Order.”

A short time after TechCrunch contacted Zuckerman for comment, SpyTrac’s website went offline with a message saying the “product is temporarily not available.” The websites for SpyTrac’s clone stalkerware apps, StealthX Pro and its Spanish-language clone Espía Móvil, also went offline. Aztec Labs’ website also stopped loading.

A screenshot of the FTC notice on Support King’s website. Image Credits: TechCrunch (screenshot)

Stalkerware is a hard problem to combat. These operations are clandestine by design, making it difficult for regulators to investigate or know under whose jurisdiction they fall.

In 2020, the FTC took its first ever action against a stalkerware operator, Retina-X, which was hacked several times and later shut down. The FTC’s second action was against Support King a year later.

Companies that break FTC orders can face sizable civil penalties. Earlier this year, Twitter was ordered to pay $150 million for violating an FTC order from 2011.

Instead, much of the effort against stalkerware and other commercial surveillance has been taken up by the tech industry, including device makers Apple and Google, which have banned stalkerware apps. In 2020, Google also banned ads in its search results that promote stalkerware. Anti-malware providers who are members of the Coalition Against Stalkerware, which launched in 2019 to support victims and survivors of stalkerware, collectively share signatures of known stalkerware apps and networks to block them from running on their customers’ phones.

A former FTC attorney, who reviewed our findings ahead of publication, told TechCrunch that the evidence points to a likely breach of the FTC’s ban. Whether Support King broke its agreement with the FTC will ultimately be for the agency to decide.

When reached, a spokesperson for the FTC declined to comment.


If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware also has resources if you think your phone has been compromised by spyware. You can contact this reporter on Signal and WhatsApp at +1 646-755-8849 or zack.whittaker@techcrunch.com by email.
