Support King, banned by FTC, linked to new stalkerware operation


A year after it was banned by the Federal Trade Commission, a notorious phone surveillance company is back in all but name, a Thealike investigation has found.

A groundbreaking FTC order in 2021 banned the stalkerware app SpyFone, its parent company Support King, and its chief executive Scott Zuckerman from the surveillance industry. The order, unanimously approved by the regulator’s five sitting commissioners, also demanded that Support King delete the phone data it illegally collected and notify victims that its app was secretly installed on their device.

Stalkerware, or spouseware, are apps that are surreptitiously planted by someone with physical access to a person’s phone, often under the guise of family monitoring or child monitoring, except that these apps are designed to stay hidden from home screens, all the while silently uploading the contents of a person’s phone, including their text messages, photos, browsing history, and granular location data.

But many stalkerware apps, like KidsGuard, TheTruthSpy and Xnspy, have security flaws that put hundreds of people’s private phone data at risk of further compromise.

That also includes SpyFone, whose unsecured cloud storage server spilled the private data stolen from more than 2,000 victims’ phones, prompting the FTC to investigate and subsequently ban Support King and its CEO Zuckerman from offering, distributing, selling, or otherwise assisting in the sale of surveillance apps.

Since then, Thealike has obtained further tranches of data, including from the internal servers of a stalkerware app called SpyTrac, which is run by developers with ties to Support King.

Meet Aztec Labs

With more than 1.3 million compromised devices, SpyTrac is one of the largest known active Android stalkerware operations, surpassing the number of victims ensnared by TheTruthSpy more than threefold. Despite its vast worldwide reach, U.S. visitors to SpyTrac’s website are blocked with an abrupt message stating that “your country is not supported.”

But SpyTrac is like any other stalkerware app, including its ability to stay hidden on a victim’s device. SpyTrac’s website also makes no mention of the individuals running the operation, likely to shield the developers from legal and reputational risks associated with running a stalkerware operation.

According to the data and other public records seen by Thealike, SpyTrac is managed by developers who work for both Support King and an outfit of developers called Aztec Labs, which builds and maintains the SpyTrac stalkerware operation. Aztec Labs also maintains a near-identical Spanish-language stalkerware app called Espía Móvil (which translates to “spy mobile”), and another clone stalkerware app called StealthX Pro, the data shows.

Some of the data found on SpyTrac’s server directly connects SpyTrac to Support King.

One of the server files contained a set of Amazon Web Services private keys that allow access to cloud storage associated with Support King and GovAssist, a website that claims to help immigrants obtain U.S. visas and permanent residency permits. The keys also allow access to cloud storage for OneClickMonitor, a clone stalkerware app that Support King shut down at the same time as SpyFone.

Both Support King and GovAssist are headed by chief executive Scott Zuckerman.

When reached by email, Zuckerman told Thealike: “We are investigating your claims that SpyTrac internal data was storing AWS keys that may be connected to S3 buckets relating to Support King, GovAssist, and OneClickMonitor. We take this very seriously and will comply with all provisions of the FTC Order.”

A redacted screenshot from a SpyTrac video, which references SpyFone, a Support King surveillance app banned by the FTC a year earlier. Image Credits: Thealike (screenshot)

Access logs seen by Thealike show at least two Aztec Labs developers logging in to SpyTrac’s servers using different sets of credentials, but each from the same IP addresses. Both of the developers logged in from IP addresses registered to a Bosnian residential broadband provider using credentials associated with Aztec Labs, SpyTrac, and Support King email addresses.

One of the developers is Aztec Labs’ technical lead, whose LinkedIn says he is based in Sarajevo. His other public freelance portfolios list his work as a program manager at Support King, a role that he describes as “managing the entire IT team.”

According to LinkedIn profiles and other work portfolios, the technical lead and other SpyTrac developers also work on Zuckerman’s latest venture, GovAssist.

The access logs also show a third developer logging in to SpyTrac’s servers, also from their home IP address in Sarajevo, using different sets of credentials associated with Support King, Aztec Labs, and GovAssist email addresses.

In response, Zuckerman told Thealike: “Neither I, nor any of my businesses, are affiliated with Aztec Labs, SpyTrac, or [the technical lead, who] worked as an independent contractor for Support King between June 2019 and October 2021. Nor do we have access to SpyTrac’s servers.”

The SpyFone connection

SpyFone, the stalkerware app banned by the FTC in September 2021, no longer operates.

The internal SpyTrac data we have seen shows that SpyFone issued its last customer license just days before it was banned by the FTC. SpyFone’s domain name was sold to another phone surveillance maker, SpyPhone. Customers trying to log in to SpyFone’s web dashboard, used for accessing a victim’s stolen data, were redirected to SpyPhone’s website instead.

The FTC’s 2021 order also demanded that Support King delete the data it had illegally collected from SpyFone. But the internal SpyTrac data seen by Thealike still contains hundreds of records associated with SpyFone licenses assigned to the email addresses of buying customers.

Every SpyFone license was offered by a reseller with a Support King email address, the data showed.

SpyTrac also came to the attention of security researchers Vangelis Stykas and Felipe Solferini, whose months-long research identified common and easy-to-find security flaws in several stalkerware families, including SpyTrac. Their findings, which they presented at BSides London this month, involved decompiling the apps and mapping out their server infrastructure using public internet data. Their evidence links SpyTrac to Support King.

Zuckerman said in response: “Support King deleted all data in its servers connected with SpyFone and OneClickMonitor customers pursuant to the FTC Order.”

A short time after Thealike contacted Zuckerman for comment, SpyTrac’s website went offline with a message saying the “product is temporarily not available.” The websites for SpyTrac’s clone stalkerware apps, StealthX Pro and its Spanish-language clone Espía Móvil, also went offline. Aztec Labs’ website also stopped loading.

A screenshot of the FTC notice on Support King’s website. Image Credits: Thealike (screenshot)

Stalkerware is a difficult problem to combat. These operations are clandestine by design, making it difficult for regulators to investigate or know under whose jurisdiction they fall.

In 2020, the FTC took its first ever action against a stalkerware operator, Retina-X, which was hacked a number of times and later shut down. The FTC’s second action was against Support King a year later.

Companies that violate FTC orders can face considerable civil penalties. Earlier this year, Twitter was ordered to pay $150 million for violating an FTC order from 2011.

Instead, much of the effort against stalkerware and other commercial surveillance has been taken up by the tech industry, including device makers Apple and Google, which have banned stalkerware apps. In 2020, Google also banned ads in its search results that promote stalkerware. Anti-malware providers who are members of the Coalition Against Stalkerware, which launched in 2019 to support victims and survivors of stalkerware, collectively share signatures of known stalkerware apps and networks to block them from working on their customers’ phones.

A former FTC attorney, who reviewed our findings ahead of publication, told Thealike that the evidence points to a potential breach of the FTC’s ban. Whether Support King broke its settlement with the FTC will ultimately be for the agency to decide.

When reached, a spokesperson for the FTC declined to comment.

If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware also has resources if you think your phone has been compromised by spyware. You can contact this reporter on Signal and WhatsApp at +1 646-755-8849 or [email protected] by email.
