Overview
- A security flaw in Catwatchful’s unauthenticated API exposed more than 62,000 customer email addresses and passwords along with data from 26,000 victim devices.
- The spyware remained operational on its Google Firebase and HostGator servers after a brief suspension by its hosting provider.
- Google has updated Play Protect to detect Catwatchful installations and is investigating possible Firebase terms-of-service violations.
- Researcher Eric Daigle’s discovery also identified the operator as Uruguay-based developer Omar Soca Charcov, who has not issued any public statement.
- Catwatchful is the fifth known stalkerware operation to suffer a data spill this year, underscoring the ongoing privacy and security risks of consumer-grade spyware.