Google Finally Shuts Down Catwatchful Spyware Operation — A Month After Being Alerted

🔒 Google Finally Shuts Down Catwatchful Spyware Operation — A Month After Being Alerted

In a disturbing yet increasingly common scenario, Google has finally suspended the operations of Catwatchful, a covert phone surveillance platform that had been operating freely on its own Firebase servers — for weeks.

Catwatchful, disguised as a “child monitoring” Android app, was full-blown spyware in reality. Once installed on a victim’s phone (typically by someone with access to the device), it would silently collect private messages, photos, GPS data, and more — all while staying completely hidden from the user.

⚠️ Google Acted, But Too Late

Google’s response came a month after TechCrunch first notified the company about the spyware being hosted on Firebase. A spokesperson confirmed this week that the company had now suspended the account due to violations of Google’s terms of service.

But the big question remains: Why did it take an entire month? Google has not answered that. And while the spyware is now inactive, thousands of devices were compromised, and stolen data had already been uploaded.

📁 What the Data Leak Revealed

The story took a deeper turn when security researcher Eric Daigle discovered a massive vulnerability in Catwatchful’s backend. His analysis revealed that:

• Over 62,000 customer email addresses and passwords were stored in plaintext.
• Records of 26,000 compromised Android devices were exposed.
• No authentication was needed to access the database — a critical flaw.

The spyware’s admin? A developer named Omar Soca Charcov, based in Uruguay. Reached out for comment, he didn’t respond.

🚨 Catwatchful’s Dangerous Capabilities

This wasn’t your average sketchy app. Catwatchful:

• Disguised itself completely on the device, vanishing from the app drawer.
• Allowed the installer to spy on messages, photos, location, browser activity, and more.
• Could be detected only by dialing 543210 in the phone’s dialer—something most users would never guess.

This type of spyware is often referred to as “stalkerware” or “spouseware”, and it’s illegal in most jurisdictions due to its use in non-consensual surveillance.

🧠 The Bigger Picture

Catwatchful is the fifth spyware app this year to leak sensitive data due to poor security practices, and the 25th+ case since 2017. These operations are often created by developers with little understanding — or concern — for cybersecurity, making them a double threat: invasive and insecure.

🛡️ What You Can Do

If you suspect spyware like Catwatchful may be on your Android phone:

• Dial 543210 and press call to check for hidden installations.
• Use reputable mobile security apps to scan for stalkerware.
• Most importantly, have a safety plan in place before removing any spyware — especially in domestic abuse scenarios.

💬 Final Thoughts

Catwatchful is gone — for now — but this incident underscores a bigger issue: Big Tech’s slow response to spyware hosted on their platforms, and the ease with which surveillance tools can compromise thousands. While Google’s move is welcome, the month-long delay raises serious concerns about platform accountability in an age of ever-expanding digital threats.

Stay safe. Stay aware.

🔒 Google Finally Shuts Down Catwatchful Spyware Operation — A Month After Being Alerted was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.