The New York attorney general’s office has announced a $410,000 fine for a stalkerware developer who used 16 companies to promote surveillance tools illegally.
Stalkerware (or spyware) platforms allow their customers to monitor other people’s phones without the users’ knowledge. In some, if not most cases, they’re also used to monitor the targets’ online activity and collect sensitive user information like their location that later could be used for blackmail or various other malicious purposes.
Patrick Hinchy, the spyware vendor, also agreed to alert his customers’ victims that their phones are being secretly monitored using one of his multiple apps, including Auto Forward, Easy Spy, DDI Utilities, Highster Mobile, PhoneSpector, Surepoint, or TurboSpy.
These surveillance apps enabled Hinchy’s customers to secretly monitor what other individuals were doing on their mobile devices, including location, browsing history, call logs, text messages, photos and videos, email activity, WhatsApp and Skype chats, and social media activity.
Some of the stalkerware apps “also enabled a user to remotely activate the camera or microphone of the Target Device to enable spying or eavesdropping on the owner of the device,” according to the agreement.
The stalkerware ads were also used to trick customers into believing that spying was legal even though installing such software on someone else’s device without consent violates numerous state and federal laws.
“Snooping on a partner and tracking their cell phone without their knowledge isn’t just a sign of an unhealthy relationship, it is against the law,” Attorney General James said.
“These apps and products put New Yorkers at risk of stalking and domestic abuse, and were aggressively promoted by Patrick Hinchy through 16 different companies.
“Today’s agreement will block these companies from allowing New Yorkers to be monitored without their awareness, and will continue our ongoing fight to protect New Yorkers’ rights, safety, and privacy.”
In September 2021, the U.S. Federal Trade Commission also banned stalkerware maker Spyfone from the surveillance business. The settlement also required Spyfone to notify the owners of the devices where the stalkerware was installed that the devices were monitored and no longer secure.
This happened three years after an August 2018 data breach caused by an unprotected Amazon S3 bucket containing several terabytes of data harvested from over 3,600 devices.
In October 2019, the FTC also blocked Retina-X Studios (aka Retina-X) from selling three stalkerware mobile apps (MobileSpy, PhoneSheriff, and TeenShield). Retina-X stopped selling them in 2018 before the FTC settlement after two cloud storage breaches from February 2017 and February 2018.
Advertising for spyware and surveillance tech on Google has also been banned globally starting August 11, 2020, after the search giant updated its Google Ads Enabling Dishonest Behavior policy one month earlier.
Source: https://www.bleepingcomputer.com/news/security/ny-attorney-general-forces-spyware-vendor-to-alert-victims/