The Rise and Fall of Spyhide and Oospy: A Tale of Phone Spyware Operations

The cyber-world recently witnessed the closure of a short-lived spyware operation known as Oospy, which had originated earlier this year after its predecessor, Spyhide, was compromised. Oopsy, a rebranded avatar of a phone-monitoring app called Spyhide, was aiding in surveilling thousands of Android users globally until it was shut down.

“He who sacrifices freedom for security deserves neither.” - Benjamin Franklin.

Spyhide, before its demise, was hacked, leading to the exposure of its operations and administrators profiting from it. Following this breach, Spyhide's website vanished from the internet, but the spyware's back-end server, hosted on a different domain, remained online. The server continued communicating with the phones it monitored, enabling the administrators to rebrand Spyhide as Oospy without hampering the core spyware operation.

The Downfall of Oospy

The back-end server, which was storing stolen data from thousands of Android devices worldwide, was eventually taken offline by web host Hetzner, citing a violation of its terms of service. Christian Fitz, a spokesperson for Hetzner, confirmed the termination of the customer's server contract.

During their time online, Spyhide and Oospy victimized at least 60,000 individuals across the globe. These stalkerware apps, often installed by someone with knowledge of the victim's passcode, continuously stole the victim's contacts, messages, photos, call logs, recordings, and precise location history.

Following the Spyhide hack, two administrators behind Spyhide and Oospy were identified. One of them, Mohammad Arasteh, admitted to working on the project as a programmer but denied any affiliation with Oospy. However, a lapse on Oospy's checkout page, which used PayPal to process customer payments, revealed the account holder's name, the same family name as Arasteh.

It's not a rarity for spyware operations to rely on payment services like PayPal, despite its policies prohibiting customers from using its service to purchase or sell software that encourages illegal activity, like spyware. Oospy stopped accepting PayPal for payments shortly after, though it's unclear whether PayPal took action against the account. Soon, Oospy's website was taken offline entirely.

A Spate of Shutdowns

The shutdown of the spyware's back-end server signifies the cessation of Spyhide and Oospy's operations, at least for now. Oopsy and Spyhide join the ranks of phone surveillance operations that have disappeared from the internet in recent times. Polish-made stalkerware LetMeSpy shut down following a data breach earlier this year. Last year, one of the largest known Android spyware apps, SpyTrac, also vanished after an investigation linked the spyware operation to Support King, which the FTC banned from the surveillance industry following an earlier data breach.