Avast Joins the Stalkerware Coalition - An Analysis

  

According to a blog post on Avast's blog the company is among the latest information security and antivirus companies to join the Stalkerware coalition in an attempt to prevent the mass distribution and possible widespread campaigns caused by boutique stalkerware applications which are often used by end users to spy on their friends and colleagues including family and relatives.

 

According to a recently released research and presented at the Virus Bulletin conference by ESET's Lukas Štefanko the company managed to find out that on the majority of occasions stalkerware applications are poorly coded and often represent a security and privacy risk for the actual stalker and user of the application and that they fall victim to a variety of security flaws and vulnerabilities which often include the actual compromise of  already collected and gathered information by third-parties.

 

Sample actionable intelligence on some of the currently active stalkerware variants spotted in the wild by ESET's Lukas Štefanko include:

 

hxxp://aispyer.com
hxxp://alltracker.org
hxxp://androidmonitor.com
hxxp://antifurtodroid.com
hxxp://appmia.com
hxxp://appspyfree.com
hxxp://a-spy.com
hxxp://blurspy.com
hxxp://catwatchful.com
hxxp://cerberusapp.com
hxxp://clevguard.com
hxxp://cocospy.com
hxxp://copy9.com
hxxp://coupletracker.com
hxxp://ddiutilities.com
hxxp://easemon.com
hxxp://logger.mobi
hxxp://easyphonetrack.com
hxxp://flexispy.com
hxxp://fonetracker.com
hxxp://myfonemate.com
hxxp://fonemonitor.co
hxxp://foreverspy.com
hxxp://freeandroidspy.com
hxxp://guestspy.com
hxxp://highstermobile.com
hxxp://hoverwatch.com
hxxp://ikeymonitor.com
hxxp://imonitorke.com
hxxp://109.235.66.53
hxxp://ispyoo.com
hxxp://theispyoo.com
hxxp://jjspy.com
hxxp://trackmyphones.com
hxxp://letmespy.com
hxxp://androidlost.com
hxxp://callsmstracker.com
hxxp://meuspy.com
hxxp://minspy.com
hxxp://mtoolapp.net
hxxp://mobiletool.ru
hxxp://mtoolapp.biz
hxxp://mobile-tracker-free.com
hxxp://mobilespy.at
hxxp://mobistealth.com
hxxp://mspy.com
hxxp://mxspy.com
hxxp://neatspy.com
hxxp://neospy.net
hxxp://neospy.pro
hxxp://neospy.tech
hxxp://netspy.net
hxxp://en.ownspy.com
hxxp://phonesheriff.com
hxxp://phonespying.com
hxxp://trackmyphones.com
hxxp://reptilicus.net
hxxp://shadow-spy.com
hxxp://sap4mobile.com
hxxp://snoopza.com
hxxp://spappmonitoring.com
hxxp://spytomobile.com
hxxp://spycell.net
hxxp://spyhuman.com
hxxp://spyic.com
hxxp://spyier.com
hxxp://spyine.com
hxxp://spylive360.com
hxxp://spyfone.com
hxxp://spyphone.com
hxxp://phonetracker.com
hxxp://spytoapp.com
hxxp://spyzee.com
hxxp://spyzie.io
hxxp://trackview.net
hxxp://89.47.91.131
hxxp://wt-spy.com
hxxp://xnore.com
hxxp://talklog.tools
hxxp://teensafe.net
hxxp://thetruthspy.com
hxxp://tispy.net
hxxp://trackmyphones.com
hxxp://spyequipmentuk.co.uk
hxxp://usafe.ru

Sample personally identifiable information on the actual stalkerware domains which could assist in possible cyber attack attribution and cyber attribution campaigns:

 

5LLIQUIDATION@GMAIL.COM
ad20nikunj@gmail.com
bytepioneers@gmail.com
ciucaandrei@yahoo.com
dalyjohns@yahoo.com
de.russcity@gmail.com
e.tabunow@gmail.com
ernesto2020@yandex.com
gad2005@bk.ru
gooveg@gmail.com
immobilespy@yahoo.com
ispyoo@yahoo.com
itix.llc@gmail.com
jacksrow1980@gmail.com
jerry-howard@hotmail.com
jjmomanyis@gmail.com
jordanlevexier@gmail.com
karanthsrihari@gmail.com
m2mstat@gmail.com
micro.freetracker@gmail.com
mobileinnova@gmail.com
mspycotherg@gmail.com
pavel_mikhailov@mail.ru
pub144@hotmail.com
puja2rani@gmail.com
reshamkdk@gmail.com
ronaldoblumenthal@gmail.com
sqlove@gmail.com
sriharikaranth@gmail.com
theisborg@gmail.com
twhanna13@yahoo.com
wirelessha@yahoo.com
zee.zaragoza@gmail.com