One year after it was banned by the FTC, a notorious phone-surveillance company is back, a TechCrunch investigation has found.
A groundbreaking FTC order in 2021 banned the tracking software app SpyFone, its parent company Support King and its CEO Scott Zuckerman from the surveillance industry. The order, which was unanimously approved by the watchdog’s five current commissioners, also requires Support King to delete phone data it had illegally collected and notify victims that its app had been secretly installed on their devices.
Stalkerware, or spouseware, are apps secretly planted by someone who has physical access to a person’s phone, usually under the guise of family tracking or child monitoring, but the apps are designed to hide from the home screen while silently and continually uploading the contents of a person’s phone, including their text messages, photos, browsing history and detailed location data.
That includes SpyFone, whose insecure cloud storage server leaked the personal data stolen from more than 2,000 victims’ phones, prompting the FTC to investigate and subsequently ban Support King and its CEO Zuckerman from providing, distributing, promoting or otherwise assisting in the sale of surveillance applications.
Since then, TechCrunch has received more data, including from an internal server of a tracking software application called SpyTrac, which was run by a developer connected to Support King.
Meet Aztec Labs
With over 1.3 million infected devices, SpyTrac is one of the largest known active Android stalkerware operations, with more than three times the number of victims ensnared by TheTruthSpy. Despite SpyTrac’s extensive international reach, US visitors to the SpyTrac website are blocked by an abrupt message stating “Your country/region is not supported”.
But SpyTrac is just like any other stalkerware application, including in its ability to hide on the victim’s device. SpyTrac’s website also doesn’t mention the individuals who run the operation, likely to protect developers from the legal and reputational risks associated with running tracking software operations.
According to data and other public records seen by TechCrunch, SpyTrac is managed by developers who work for Support King and a developer team called Aztec Labs, which builds and maintains the SpyTrac tracking software operation. Aztec Labs also maintains a nearly identical Spanish-language stalkerware app called Espía Móvil (which translates to “spy phone”), and another clone stalkerware app called StealthX Pro, the data shows.
Some data found on the SpyTrac server connects SpyTrac directly to Support King.
One of the server files contained a set of Amazon Web Services private keys that allowed access to cloud storage related to Support King and GovAssist, a website that claims to help immigrants obtain U.S. visas and permanent residence permits. The keys also allowed access to the cloud storage of OneClickMonitor, a clone tracking software application that Support King shut down at the same time as SpyFone.
When reached by email, Zuckerman told TechCrunch: “We are investigating your claims that SpyTrac internal data is storing AWS keys that may be connected to S3 buckets associated with Support King, GovAssist, and OneClickMonitor. We take this very seriously and will comply with all provisions of the FTC order.”
Access logs seen by TechCrunch show that at least two Aztec Labs developers logged into SpyTrac’s servers using different sets of credentials, but each from the same IP address. The two developers logged in from IP addresses registered to Bosnian residential broadband providers using credentials associated with Aztec Labs, SpyTrac, and Support King email addresses.
One of the developers is a technical director at Aztec Labs, whose LinkedIn says he is based in Sarajevo. His other public freelance portfolio lists his work at Support King as a project manager, a role he describes as “managing an entire IT team”.
The tech lead and other SpyTrac developers also worked on Zuckerman’s latest project, GovAssist, according to a LinkedIn profile and other job portfolio.
Access logs also revealed that a third developer logged into SpyTrac’s servers from their home IP address in Sarajevo, using a different set of credentials associated with Support King, Aztec Labs, and GovAssist email addresses.
In response, Zuckerman told TechCrunch: “I am not affiliated with Aztec Labs, SpyTrac or any of my businesses. [The technical lead] worked as an independent contractor for Support King between June 2019 and October 2021. We also do not have access to SpyTrac’s servers.”
SpyFone, the stalkerware app banned by the FTC in September 2021, no longer works.
Internal SpyTrac data we’ve seen shows that SpyFone issued its last client license a few days before being banned by the FTC. SpyFone’s domain name was sold to another phone monitoring maker, SpyPhone. Customers who attempted to log into the SpyFone web dashboard used to access victims’ stolen data were redirected to SpyPhone’s website.
The FTC’s 2021 order also requires Support King to delete data it illegally collected from SpyFone. But internal SpyTrac data seen by TechCrunch still contained thousands of records related to SpyFone licenses, assigned to the email addresses of the customers who purchased them.
The data shows that every SpyFone license was sold by a reseller with a Support King email address.
SpyTrac has also caught the attention of security researchers Vangelis Stykas and Felipe Solferini, whose months-long research identified common and easy-to-find security flaws in several tracking software families, including SpyTrac. Their findings, which they presented at BSides London this month, involved decompiling an application and mapping its server infrastructure using public internet data. Their evidence links SpyTrac to Support King.
Zuckerman responded that “Support King, pursuant to an FTC order, deleted all data from its servers related to SpyFone and OneClickMonitor customers.”
Shortly after TechCrunch contacted Zuckerman for comment, SpyTrac’s website went offline with a message saying “product temporarily unavailable.” The websites of SpyTrac’s clone tracking software app, StealthX Pro, and its Spanish-language clone, Espía Móvil, have also gone offline. Aztec Labs’ website also stopped loading.
Tracking software is a difficult problem to solve. These operations are secretive by design, making it difficult for regulators to investigate or know whose jurisdiction they fall under.
In 2020, the FTC took its first action against tracking software operator Retina-X, which had been hacked multiple times and later shut down. A year later, the FTC took a second action against Support King.
Companies that violate the FTC’s order could face sizeable civil penalties. Earlier this year, Twitter was ordered to pay $150 million for violating the FTC’s 2011 order.
Instead, much of the effort against stalkerware and other commercial surveillance has been borne by the tech industry, including device makers Apple and Google, which ban stalkerware apps. In 2020, Google also banned ads promoting tracking software in its search results. Anti-malware providers are members of the Anti-Stalkerware Coalition, formed in 2019 to support stalkerware victims and survivors, and collectively share signatures of known stalkerware apps and networks to stop them from working on their customers’ phones.
A former FTC attorney who reviewed our findings before publication told TechCrunch that the evidence suggests a possible violation of the FTC’s injunction. Whether Support King violated its agreement with the FTC will ultimately be determined by the agency.
A spokesman for the FTC declined to comment when contacted.
If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support for victims of domestic violence. If you are in an emergency, please call 911. The Anti-Stalkerware Coalition also has resources if you think your phone has been compromised by spyware. You can reach this reporter on Signal and WhatsApp at +1 646-755-8849 or firstname.lastname@example.org.