
Covert Surveillance App Exposes 62,000 User Passwords

Summary

– A phone monitoring app called Catwatchful exposed 62,000 users’ sensitive data, including email addresses and plain-text passwords, due to a security flaw.
– Researcher Eric Daigle discovered the leak, which was caused by a SQL injection vulnerability allowing unauthorized access to user accounts and stored data.
– Catwatchful markets itself as a stealthy, undetectable app for monitoring Android devices, emphasizing its invisibility and inability to be uninstalled.
– While the app claims to be legal for parental monitoring, its focus on stealth raises concerns about potential misuse by individuals with other motives.
– The app’s promotional material highlights its ability to operate in hidden mode, enabling users to monitor a phone without the owner’s knowledge.

A popular Android surveillance app marketed as undetectable has exposed the sensitive data of 62,000 users, including email addresses and unencrypted passwords, due to a critical security vulnerability.

Security researcher Eric Daigle uncovered the breach after discovering a SQL injection flaw in Catwatchful, an app designed for covert phone monitoring. The weakness allowed unauthorized access to user accounts, exposing personal information and stored data.

Catwatchful promotes itself as a tool for discreet monitoring, with claims that it operates invisibly on target devices. Marketing materials boast features like resistance to detection, uninstallation, and forced closure, positioning it as an all-seeing tool for phone surveillance. While the developers present it as a parental control solution, the emphasis on stealth raises concerns about potential misuse.

The app’s website explicitly states, “Catwatchful is invisible, it cannot be detected, uninstalled, or stopped. Only you can access the collected data.” Further descriptions highlight its ability to monitor devices without the owner’s knowledge, reinforcing its appeal for covert operations.

This incident underscores the risks of using surveillance tools that prioritize secrecy over security. Unencrypted passwords and exposed user data demonstrate how easily such apps can backfire, turning monitoring tools into liabilities for those who rely on them. The breach serves as a reminder that even tools designed for stealth can become vulnerable when basic security measures are overlooked.

(Source: Ars Technica)
