Google has suspended the account of Catwatchful, a phone surveillance operator that used Google’s Firebase platform to host and operate its monitoring software.
The shutdown follows concerns raised a month ago when Google was alerted about Catwatchful’s misuse of its servers. The spyware relied heavily on Firebase to store and manage large volumes of stolen data from thousands of compromised phones.
“We’ve investigated these reported Firebase operations and suspended them for violating our terms of service,” said Google spokesperson Ed Fernandez.
Google declined to comment on why it took a month to complete the investigation and suspend the account. Its terms of use broadly prohibit hosting malicious software or spyware, but as a commercial entity, Google balances enforcement with retaining paying customers.
Spyware Operations Halted, Data Exposed
As of Friday, Catwatchful’s spyware no longer appears to be active or transmitting data, based on recent network traffic analyses.
Catwatchful targeted Android devices, disguising itself as a child-monitoring app that remained hidden on the user’s phone. Installation required physical access and knowledge of the target’s passcode. Classified as “stalkerware” or “spouseware,” these apps are often used for non-consensual surveillance of intimate partners, which is illegal.
Once installed, Catwatchful covertly uploaded private messages, photos, location data, and more to a web dashboard accessible to the operator.
The spyware’s backend database was found to have a critical security vulnerability allowing unauthenticated access to sensitive data, including over 62,000 customer email addresses and plaintext passwords, plus details on roughly 26,000 victim devices.
Operator and Response
The administrator behind Catwatchful was identified as Omar Soca Charcov, a developer based in Uruguay. When contacted, Charcov did not respond to inquiries about the breach or notification plans for affected users.
Because there was no response, the exposed data was shared with the data breach notification service Have I Been Pwned to alert victims.
Catwatchful is the latest spyware operation to suffer a data breach, largely due to inadequate cybersecurity practices. It marks the fifth such incident this year alone and adds to a list of more than two dozen known spyware operations exposed since 2017.
Android users can check for the presence of Catwatchful spyware — even if hidden — by dialing 543210 on the phone keypad and pressing the call button.
What The Author Thinks
The Catwatchful incident highlights a persistent problem with spyware vendors: poor security practices and a blatant disregard for user privacy. Until stricter regulations and stronger technical safeguards are enforced, these malicious apps will continue to expose vulnerable users to severe privacy violations and data breaches. Tech companies hosting such services must adopt more aggressive monitoring and rapid response protocols to protect users from this ongoing threat.