Data breach unveils US spyware maker behind Windows, Mac, Android and Chromebook malware

The Minnesota company Spytech monitored numerous devices prior to being breached.

Data breach overview

It has been discovered that a relatively obscure spyware company located in Minnesota has fallen victim to a cyberattack, exposing numerous devices globally that it secretly monitors.

An insider shared with Nigeria News 247 a collection of files obtained from the company’s servers, which included comprehensive activity logs from various devices—such as phones, tablets, and computers—that Spytech oversees.

Some of these logs date back to early June. Nigeria News 247 confirmed the authenticity of the data by examining some of the leaked activity logs linked to the company’s CEO, who had installed the spyware on his personal device.

According to the data, Spytech’s spyware products, including Realtime-Spy and SpyAgent, have been responsible for compromising over 10,000 devices since the earliest leaked records from 2013.

This includes a variety of platforms such as Android devices, Chromebooks, Macs, and Windows PCs around the globe.

Recently, Spytech has become the latest spyware developer to experience a security breach and is now the fourth such company to be hacked this year alone, as noted by Nigeria News 247’s ongoing updates.

When contacted for a statement, Nathan Polencheck, CEO of Spytech, mentioned that this was only the second time he had heard about the breach and stated that he had not reviewed the data in question. He added that he is currently investigating the matter thoroughly and will take necessary actions moving forward.

Spytech produces remote access applications, commonly known as stalkerware, which are marketed as tools for parents to oversee their children’s activities.

However, they are also promoted for monitoring the devices of spouses and partners. The company’s website explicitly promotes its products for spousal surveillance, claiming to help users keep an eye on their partner’s potentially questionable actions.

While it is legal to monitor children or employees, monitoring a device without its owner’s consent is illegal, which has led to legal action against both spyware developers and users.

Typically, stalkerware apps are installed by someone who has physical access to the target device and often knows the passcode.

These applications are designed to remain concealed and can be challenging to detect or remove. Once they are in place, they transmit information such as keystrokes, screen interactions, web browsing history, device usage statistics, and detailed location data from Android devices back to a dashboard controlled by the individual who installed the app.

Nigeria News 247 has reviewed the compromised information, which includes logs for all devices managed by Spytech, detailing the activity of each device.

The majority of the affected devices are Windows PCs, while Android devices, Macs, and Chromebooks are impacted to a lesser extent.

The activity logs we examined were not encrypted. TechCrunch also assessed the location data from hundreds of affected Android phones and used an offline mapping tool to maintain the victims’ privacy while plotting the coordinates.

Although it does not provide a complete picture, this location data offers some insight into where a portion of Spytech’s victims can be found.

Our examination of the mobile-only data reveals that Spytech has established substantial clusters of monitored devices throughout Europe and the United States, along with some localized devices in Africa, Asia, Australia, and the Middle East.

One record linked to Polencheck’s administrator account reveals the exact location of his residence in Red Wing, MN. Although this data contains vast amounts of sensitive information and personal details from individuals—many of whom are likely unaware their devices are under surveillance—it lacks sufficient identifiable information about each affected device for Nigeria News 247 to inform the victims of the breach.

When Nigeria News 247 inquired, Spytech’s CEO declined to disclose whether the company intends to inform its customers—the individuals whose devices were tracked—or U.S. state authorities as mandated by data breach notification regulations.

A representative from the Minnesota attorney general’s office did not reply to a request for comments. Spytech has been in existence since at least 1998 but remained relatively unknown until 2009, when an Ohio man was found guilty of utilizing Spytech’s spyware to compromise the computer systems of a local children’s hospital.

He specifically targeted the email account of his former partner employed there. At that time, local news outlets reported, and Nigeria News 247 confirmed through court documents, that the spyware infiltrated the hospital’s systems as soon as his ex-partner opened an email attachment containing it, which prosecutors claimed gathered sensitive health data.

The individual responsible for sending the spyware admitted guilt to charges related to unauthorized interception of electronic communications.

Recently, Spytech became the second U.S.-based spyware manufacturer to suffer a data breach; in May, Michigan’s pcTattletale was hacked and its website vandalized.

The company chose to shut down and erase its database containing victim device information instead of informing those affected.

Subsequently, data breach notification service Have I Been Pwned acquired a copy of the compromised data and reported that 138,000 customers had registered for their service.
