‘Stalkerware’ Seller Shuts Down Apps ‘Indefinitely’ After Getting Hacked Again
A company that sells spyware or “stalkerware” for everyday users has ceased operations of its handful of apps that monitor computers and cellphones.
Image: Lorenzo Franceschi-Bicchierai/Motherboard
A company that sells spyware to regular consumers is “immediately and indefinitely halting” all of its services, just a couple of weeks after a new damaging hack.
Retina-X Studios, which sells several products marketed to parents and employers to keep tabs on their children and employees—but also used by jealous partners to spy on their significant others—announced that its shutting down all its spyware apps on Tuesday with a message at the top of its website.
“Regrettably Retina-X Studios, which offers cutting edge technology that helps parents and employers gather important information on devices they own, has been the victim of sophisticated and repeated illegal hackings,” read the message, which was titled “important note” in all caps.
Got a tip? You can contact Lorenzo Franceschi-Bicchierai securely on Signal on +1 917 257 1382 and Joseph Cox on Signal on +44 20 8133 5190. Details on our SecureDrop, a system to anonymously submit documents or information, can be found here.
The company sells subscriptions to apps that allow the operator to access practically anything on a target’s phone or computer, such as text messages, emails, photos , and location information. Retina-X is just one of a slew of companies that sell such services, marketing them to everyday users—as opposed to law enforcement or intelligence agencies. Some critics call these apps “Stalkerware.”
As Motherboard showed last year, some of these companies specifically market themselves as tools to catch cheating spouses without them knowing, or consenting. And even those who don’t, such as Retina-X, still have users who employ their apps for that illegal purpose—when a hacker first breached the company in 2017, data provided to Motherboard contained intercepted text messages indicating the malware was being used to spy non-consensually on some victims.
In its announcement, the company admitted that a hacker accessed and exposed “some photographic material” of two of its apps, TeenShield and PhoneSheriff. But added that “No personal data was accessed.”
“As a result, and to protect our valued customers, Retina-X Studios is immediately and indefinitely halting its PhoneSheriff, TeenShield, SniperSpy and Mobile Spy products. We will be offering pro-rated refunds to any customers who currently have a contract with Retina-X Studios for these services,” the message continued.
On February 16, Motherboard reported that the same vigilante hacker who had hacked into Retina-X last year had done it again. The hacker proved to Motherboard that he was able to see all customer’s photos from a poorly protected cloud storage server. He said he then wiped the server, just like he had done the year before, when he broke into the company and gained access to pretty much everything, including gigabytes of customer data.
At the time, Retina-X denied there had been a data breach. Now, the company not only admitted the breach but also lashed out at the hacker.
“The perpetrators of these illegal acts have been motivated by their unfounded opposition to the private activities of parents and employers on devices they own and with the consent of users of the devices. The perpetrators, who will likely never be identified or brought to justice, have shared their actions with online publications to gain attention. They are cowards who work in the dark and use the media to promote their agenda.”
It’s unclear why Retina-X decided to take such a dramatic decision this year and not last year, when the hacker accessed much more than just their cloud storage servers. A spokesperson for Retina-X did not immediately respond to a request for comment.
Last year, the hacker shared some hacked data with Motherboard, showing that he had access to Retina-X’s customer email addresses and some plaintext and hashed passwords; the alleged GPS locations of thousands of surveillance targets; and data taken from target’s phones and computers, such as photos, text messages, emails, and contacts.
The hacker said he was “pleased” that the company is taking down services “that violate privacy and enable abuse.”
“If they genuinely improve their security and come back, that's still an improvement over the previous situation where sensitive data was up on the internet for any attacker to grab. If they go down permanently, that's even better,” the hacker told Motherboard in an encrypted chat. “Or maybe they'll just resurface under another name, in which case I'll be watching.”
Get six of our favorite Motherboard stories every day by signing up for our newsletter.