July 8, 2025

Data Leak Exposes Catwatchful Spyware on Thousands of Phones

Jegan Selvaraj
Founder & CEO, Infisign

On June 9, 2025, security researcher Eric Daigle found a major weakness in Catwatchful.

Catwatchful is a known Android stalkerware application that presents itself as parental control software. The weakness caused a large data breach. The information of over 62,000 users was exposed. This included unencrypted login details, private emails, and the administrator’s own account information.

The breach exposed the spyware's whole customer database, including passwords in plain text. These passwords were used to access private content taken from thousands of victims' phones: live location data, messages, call logs, photos, and recordings, all gathered without their knowledge.

What is Catwatchful, and What Was Exposed?

Catwatchful is a powerful type of spyware. It is falsely advertised as an invisible child monitoring application. In truth, it acts as stalkerware, also known as spouseware. It is made for secret, non-consensual monitoring.

After being placed on a device, the application secretly sends a victim's most private data to a dashboard.

This data includes photos, text messages, and real-time GPS location. The person who installed the application can view this dashboard. The spyware can also turn on the phone's microphone from a distance to record live audio and access its cameras.

The breach showed the full size of the operation. It exposed email addresses and passwords for more than 62,000 customers. More troubling, the stolen information was connected to the personal phone data of over 26,000 victims. Records show the operation has been active since at least 2018.

Unmasking the Administrator and Technical Failures

A significant operational security mistake led to the discovery of the spyware's administrator. His identity was found in the spyware's own database. His name is Omar Soca Charcov, a developer located in Uruguay. His information was the first record in the user database. This is a frequent error made by developers who test spyware on themselves.

Charcov was contacted but did not reply. He also did not say if he would inform his customers about the breach.

The weakness came from a basic security problem: an unauthenticated API. This allowed anyone on the internet to directly get information from the user database without needing any login credentials.

Researcher Eric Daigle discovered that the spyware used Google's Firebase platform. This platform stored the large quantities of stolen victim data, such as photos and audio recordings.

How to Detect and Remove Catwatchful Spyware

Catwatchful states it cannot be found or uninstalled. However, a built-in function permits anyone to check if it is present. It is important to have a safety plan before removal, because the person who placed the spyware may be notified.

To find the application, open your Android phone's dialer. Enter the code 543210 and press the call button. If Catwatchful is on the device, this command will make the application show on your screen. You can then remove it.

The spread of poorly secured stalkerware like Catwatchful creates extreme risk for both its users and its victims. It is more important than ever to protect your personal devices from this invasive threat.

Learn how to protect your digital identity and secure your devices with Infisign.


Jegan Selvaraj is a serial tech-entrepreneur with two decades of experience driving innovation and transforming businesses through impactful solutions. With a solid foundation in technology and a passion for advancing digital security, he leads Infisign's mission to empower businesses with secure and efficient digital transformation. His commitment to leveraging advanced technologies ensures enterprises and startups stay ahead in a rapidly evolving digital landscape.
