Support King, banned by FTC, linked to new phone spying operation

May 26, 2023 - 23:00

A year after it was banned by the Federal Trade Commission, a notorious phone surveillance company is back in all but name, a TechCrunch investigation has found.

A groundbreaking FTC order in 2021 banned the stalkerware app SpyFone, its parent company Support King, and its chief executive Scott Zuckerman from the surveillance industry. The order, unanimously approved by the regulator’s five sitting commissioners, also demanded that Support King delete the phone data it illegally collected and notify victims that its app was secretly installed on their device.

Stalkerware, or spouseware, are apps that are surreptitiously planted by someone with physical access to a person’s phone, often under the guise of family monitoring or child monitoring, except that these apps are designed to stay hidden from home screens, all the while silently uploading the contents of a person’s phone, including their text messages, photos, browsing history, and granular location data.

But many stalkerware apps — like KidsGuard, TheTruthSpy and Xnspy — have security flaws that put hundreds of people’s private phone data at risk of further compromise.

That also includes SpyFone, whose unsecured cloud storage server spilled the personal data stolen from more than 2,000 victims’ phones, prompting the FTC to investigate and subsequently ban Support King and its CEO Zuckerman from offering, distributing, promoting, or otherwise assisting in the sale of surveillance apps.

Since then, TechCrunch has obtained further tranches of data, including from the internal servers of a stalkerware app called SpyTrac, which is run by developers with ties to Support King.

Meet Aztec Labs

With more than 1,000,000 user records, SpyTrac is one of the biggest known active Android stalkerware operations, surpassing the number of victims ensnared by TheTruthSpy more than threefold. Despite its vast international reach, U.S. visitors to SpyTrac’s website are blocked with an abrupt message stating that “your country is not supported.”

But SpyTrac is like any other stalkerware app, including its ability to stay hidden on a victim’s device. SpyTrac’s website also makes no mention of the individuals running the operation, likely to shield the developers from the legal and reputational risks associated with running a stalkerware operation.

According to the data and other public records seen by TechCrunch, SpyTrac is run by developers who work for both Support King and an outfit of developers called Aztec Labs, which builds and maintains the SpyTrac stalkerware operation. Aztec Labs also maintains a near-identical Spanish-language stalkerware app called Espía Móvil (which translates to “spy mobile”), and another clone stalkerware app called StealthX Pro, the data shows.

Some of the data found on SpyTrac’s server directly connects SpyTrac to Support King.

One of the server files contained a set of Amazon Web Services private keys that allow access to cloud storage associated with Support King and GovAssist, a website that claims to help immigrants obtain U.S. visas and permanent residency permits. The keys also allow access to cloud storage for OneClickMonitor, a clone stalkerware app that Support King shut down at the same time as SpyFone.

Both Support King and GovAssist are headed by chief executive Scott Zuckerman.

When reached by email, Zuckerman told TechCrunch: “We’re investigating your claims that SpyTrac internal data was storing AWS keys that may be linked to S3 buckets relating to Support King, GovAssist, and OneClickMonitor. We take this very seriously and will comply with all provisions of the FTC Order.”

A redacted screenshot from a SpyTrac video, which references SpyFone, a Support King surveillance app banned by the FTC a year earlier. Image Credits: TechCrunch (screenshot)

Access logs seen by TechCrunch show at least two Aztec Labs developers logging in to SpyTrac’s servers using different sets of credentials, but each from the same IP addresses. Both of the developers logged in from IP addresses registered to a Bosnian residential broadband provider using credentials associated with Aztec Labs, SpyTrac, and Support King email addresses.

One of the developers is Aztec Labs’ technical lead, whose LinkedIn says he is based in Sarajevo. His other public freelance portfolios list his work as a program manager at Support King, a role that he describes as “managing the entire IT team.”

According to LinkedIn profiles and other work portfolios, the technical lead and other SpyTrac developers also work on Zuckerman’s latest venture, GovAssist.

The access logs also show a third developer logging in to SpyTrac’s servers, also from their home IP address in Sarajevo, using different sets of credentials associated with Support King, Aztec Labs, and GovAssist email addresses.

In response, Zuckerman told TechCrunch: “Neither I, nor any of my businesses, are affiliated with Aztec Labs, SpyTrac, or [the technical lead, who] worked as an independent contractor for Support King between June 2019 and October 2021. Nor do we have access to SpyTrac’s servers.”

The SpyFone connection

SpyFone, the stalkerware app banned by the FTC in September 2021, no longer operates.

The internal SpyTrac data we have seen shows that SpyFone issued its last customer license just days before it was banned by the FTC. SpyFone’s domain name was sold to another phone surveillance maker, SpyPhone. Customers trying to log in to SpyFone’s web dashboard, used for accessing a victim’s stolen data, were redirected to SpyPhone’s website instead.

The FTC’s 2021 order also demanded that Support King delete the data it had illegally collected from SpyFone. But the internal SpyTrac data seen by TechCrunch still contains hundreds of records associated with SpyFone licenses assigned to the email addresses of buying customers.

Every SpyFone license was sold by a reseller with a Support King email address, the data showed.

SpyTrac also came to the attention of security researchers Vangelis Stykas and Felipe Solferini, whose months-long research identified common and easy-to-find security flaws in several stalkerware families, including SpyTrac. Their findings, which they presented at BSides London this month, involved decompiling the apps and mapping out their server infrastructure using public internet data. Their evidence links SpyTrac to Support King.

Zuckerman said in response: “Support King deleted all data in its servers linked with SpyFone and OneClickMonitor customers pursuant to the FTC Order.”

A short time after TechCrunch contacted Zuckerman for comment, SpyTrac’s website went offline with a message saying the “product is temporarily not available.” The websites for SpyTrac’s clone stalkerware apps, StealthX Pro and its Spanish-language clone Espía Móvil, also went offline. Aztec Labs’ website also stopped loading.

After TechCrunch published this piece, Support King’s website also went offline.

A screenshot of the FTC notice on Support King’s website. Image Credits: TechCrunch (screenshot)

Stalkerware is a difficult problem to combat. These operations are clandestine by design, making it difficult for regulators to investigate or know under whose jurisdiction they fall.

In 2020, the FTC took its first ever action against a stalkerware operator, Retina-X, which was hacked several times and later shut down. The FTC’s second action was against Support King a year later.

Companies that violate FTC orders can face considerable civil penalties. Earlier this year, Twitter was ordered to pay $150 million for violating an FTC order from 2011.

Instead, much of the effort against stalkerware and other commercial surveillance has been taken up by the tech industry, including device makers Apple and Google, which have banned stalkerware apps. In 2020, Google also banned ads in its search results that promote stalkerware. Anti-malware providers who are members of the Coalition Against Stalkerware, which launched in 2019 to support victims and survivors of stalkerware, collectively share signatures of known stalkerware apps and networks to block them from working on their customers’ phones.

A former FTC lawyer, who reviewed our findings ahead of publication, told TechCrunch that the evidence points to a likely breach of the FTC’s ban. Whether Support King broke its agreement with the FTC will ultimately be for the agency to decide.

When reached, a spokesperson for the FTC declined to comment.

If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware also has resources if you think your phone has been compromised by spyware. You can contact this reporter on Signal and WhatsApp at +1 646-755-8849 or by email.
