Stalkerware platforms Cocospy and Spyic leak the data of millions of people
Take action: Check your phone from time to time; you may have spyware on it. And know that the vendors of these products are far from competent in securing their own applications.
Two stalkerware applications, Cocospy and Spyic, are exposing sensitive data of millions of individuals whose phones are being spied on, due to a security vulnerability in the platforms. The applications share similar source code and launched in 2018 and 2019 respectively. They are designed to operate covertly on victims' devices while continuously uploading device data to a monitoring dashboard.
Installing these applications typically requires physical access to Android devices or Apple account credentials for iOS devices. They are marketed as parental control or employee monitoring solutions but are often used for illegal surveillance of romantic partners or spouses.
Cocospy has exposed the data of 1.81 million people, and Spyic has exposed the data of 880,167 people.
The exposed data includes:
- Personal messages
- Photos
- Call logs
- Email addresses of stalkerware operators/customers
- Device location data
- iCloud data (for iOS devices)
- Various other personal data exfiltrated from compromised devices
The vulnerability is relatively simple to exploit but remains unfixed at the time of reporting. The operators of both applications have not responded to requests for comment. Technical analysis revealed that the apps masquerade as "System Service" applications on Android devices and utilize Cloudflare for data transmission, with some victim data being stored on Amazon Web Services servers. Evidence suggests a connection to a China-based mobile app developer identified as 711.icu.
To check whether your device has such spyware:
- On Android devices, entering ✱✱001✱✱ on the phone keypad and pressing "call" can reveal the hidden apps
- Check installed apps through Android Settings menu
- For iOS users, review connected devices and implement two-factor authentication
The breach data has been added to Have I Been Pwned's database, marked as "sensitive," allowing only affected individuals to verify if their email addresses were compromised.