A security vulnerability in the stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug was discovered by security researcher Eric Daigle, who spilled the spyware app’s full database of email addresses and plaintext passwords that Catwatchful customers use to access the stolen data from their victims’ phones.
Catwatchful masquerades as a child monitoring app but actually uploads the victim's private content to a dashboard viewable by the person who planted the app. The stolen data includes photos, messages, and real-time location data. The spyware can also remotely tap into live ambient audio and access phone cameras.
This incident is the latest example of stalkerware operations being hacked or exposed. Catwatchful has email addresses and passwords for over 62,000 customers and phone data from 26,000 victims’ devices, mostly located in Mexico, Colombia, India, and other countries. The database also revealed the identity of the spyware operation’s administrator, Omar Soca Charcov.
The vulnerability in the Catwatchful API allowed anyone to interact with the user database without needing a login. HostGator briefly blocked the spyware developer’s account but later returned it. Google has added new protections for its security tool and will alert users when it detects the Catwatchful spyware or its installer on their phones.
Catwatchful does not publicly list its owner, and an operational security mishap exposed Charcov as the operation’s administrator. Victims can detect the app by dialing a specific code into their Android phone keypad and then hitting the call button. To remove the app, users can follow a general guide for removing Android spyware.
If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence.
Source: https://techcrunch.com/2025/07/02/data-breach-reveals-catwatchful-stalkerware-spying-on-thousands-android-phones