Catwatchful Android Spyware Leaks Credentials of 62,000+ Users

A major security lapse has exposed the credentials of over 62,000 users of Catwatchful, a full-featured Android spyware app that openly markets itself as a tool for covert surveillance.

The breach, discovered by a security researcher, highlights the persistent risks posed by stalkerware and the dangers of storing sensitive user data without adequate safeguards.

Catwatchful is an Android application designed to monitor devices without the user’s knowledge. Unlike many similar apps that resell existing spyware platforms, Catwatchful operates its own infrastructure and offers a three-day free trial.

Its marketing materials are unusually explicit, boasting “absolute stealth” and promising that the app is “invisible, undetectable, and cannot be uninstalled or stopped.”

The app’s FAQ even assures potential customers that it can monitor a phone without the owner’s awareness.

The Security Flaw

The researcher’s investigation began with the creation of a test account, which revealed that Catwatchful ...