Amazon is still hosting stalkerware victims’ data weeks after breach alert


Amazon has given no indication that it plans to act against three phone surveillance applications whose stolen phone data is hosted on Amazon’s cloud servers, even after TechCrunch notified the company that it was hosting the data.

Amazon told TechCrunch it was “following [its] process” after our notice in February, but as of the time of publication of this article, the stalkerware operations Cocospy, Spyic and Spyzie continue to upload and store photos taken from people’s phones on Amazon Web Services.

Cocospy, Spyic and Spyzie are three Android applications that share the same source code and a common security flaw, according to the security researcher who discovered it and provided details. The researcher said that the operations exposed the phone data of 3.1 million people, many of them victims who had no idea their devices were compromised. The researcher shared the data with the breach notification site Have I Been Pwned.

As part of our investigation into the stalkerware operations, which included analyzing the applications, TechCrunch found that some of the contents of a device compromised by the stalkerware applications were uploaded to Amazon Web Services, or AWS.

TechCrunch told Amazon on February 20 that it was hosting stolen data, and we warned Amazon again earlier this week that it was also hosting phone data from Spyzie.

In both emails, TechCrunch included the name of each specific Amazon-hosted storage “bucket” that contains data taken from the victims’ phones.

In response, Amazon spokesman Ryan Walsh told TechCrunch: “When we receive the terms of our customers, we quickly review and take steps,” and pointed to an Amazon web page hosting a reporting form, but did not comment on the status of the Amazon servers used by the applications.

In a follow-up email this week, TechCrunch referred to the Amazon-hosted storage bucket names from the February 20 email.

In response, Walsh thanked TechCrunch for “bringing this to our attention” and provided another link to Amazon’s reporting form. When asked whether Amazon plans to act against the buckets, Walsh answered: “We have not received information about the abuse from TechCrunch through the link we have already provided previously.”

Amazon spokesperson Casey McGee, who was copied on the email, claimed that it would be “inaccurate to characterize the essence of the thread [sic] as constituting a ‘report’ on any potential abuse.”

Amazon Web Services, which serves paying customers, made $39.8 billion in 2024, according to the company’s 2024 full-year earnings, representing the majority of Amazon’s total annual income.

The storage buckets used by Cocospy, Spyic and Spyzie are still active.

Why this is important

Amazon’s own acceptable use policy broadly sets out what the company allows customers to host on its platform. Amazon does not seem to dispute that it does not allow spyware and stalkerware operations to upload data to its platform. Instead, Amazon’s dispute seems to be entirely procedural.

It is not a journalist’s job, or anyone else’s, to police what is hosted on Amazon’s platform or on the cloud platform of any other company.

Amazon has the resources, both financial and technological, to enforce its own policy by ensuring that bad actors are not abusing its service.

In the end, TechCrunch notified Amazon and provided information, including about the stolen personal phone data. Amazon, based on the information it received, made a choice not to act.

How we found victims’ data hosted by Amazon

When TechCrunch learns of a surveillance-related data breach (there have been dozens of stalkerware hacks and leaks in recent years), we investigate to learn as much about the operations as possible.

Our research can help to identify the victims whose phones were hacked, as well as the surveillance operators themselves and the platforms used to host the victims’ stolen information. TechCrunch will also analyze the applications (where available) to help victims determine how to identify and remove them.

As part of our reporting process, TechCrunch will reach out to any company we identify as hosting or supporting spyware and stalkerware operations, as is standard practice for journalists who plan to write about a company. It is not rare for companies such as web hosts and payment processors to suspend accounts or delete data that violate their own terms of service, including previous spyware operations hosted on Amazon.

In February, TechCrunch learned that Cocospy and Spyic had been breached, and we investigated further.

Because the data showed that most of the victims were Android device owners, TechCrunch started by downloading and installing the Cocospy and Spyic applications on a virtual Android device.

We used a network traffic analysis tool to check how each application works and to understand which phone data is being secretly uploaded.

The web traffic showed that the two stalkerware apps uploaded some of the victims’ information, such as photos, to storage buckets bearing their names hosted on Amazon Web Services.

Screenshot of a browser window displaying an image hosted on AWS that reads: “This is the evidence that Cocospy is still hosting the uploaded victims’ data, hosted at cocospymia.s3.us-west-1.amazonaws.com.”
A photo hosted on Amazon Web Services, uploaded from a virtual Android device compromised with Cocospy stalkerware during a TechCrunch investigation. Photo credit: TechCrunch

We confirmed this using the Cocospy and Spyic user dashboards, which allow the people who plant the stalkerware applications to see the target’s stolen information. The web dashboards allowed us to access the contents of our virtual device’s photo gallery once we had compromised the virtual device with the stalkerware applications.

When we opened the contents of our device’s photo gallery from each application’s web dashboard, the images loaded from web addresses containing their respective bucket names on the amazonaws.com domain, which is managed by Amazon Web Services.

Following news of Spyzie’s data breach, TechCrunch also analyzed Spyzie’s Android app using a network analysis tool and found the traffic data to be the same as for Cocospy and Spyic. The Spyzie application uploaded the device’s data to a storage bucket in Amazon’s cloud.


If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides free, confidential support to victims of domestic abuse and violence. If you are in an emergency, call 911. The Coalition Against Stalkerware has resources if you think your phone is compromised with spyware.


