TheTruthSpy: The Stalkerware That Made Millions

In an era where technology permeates every aspect of our lives, privacy has become a precious commodity. Unfortunately, some individuals and organizations exploit this for their own gain. One such example is TheTruthSpy, a collection of Android surveillance apps known as “stalkerware.” These apps, including Copy9 and MxSpy, have compromised hundreds of thousands of people’s phones worldwide. But who is behind this sinister operation, and how have they managed to evade detection for so long?

TheTruthSpy, developed by the Vietnam-based startup 1Byte, has been a lucrative venture, bringing in millions of dollars in customer payments since 2016. However, selling spyware comes with legal and reputational risks, especially in the United States, where demand for TheTruthSpy has been steadily growing. To navigate these challenges, 1Byte devised an intricate scheme involving a network of fake American identities, forged passports, and manipulated financial systems.

Meet Benjamin and Dulce, two fictitious sellers of TheTruthSpy. On the surface, they appear to be ordinary Americans, but their true purpose is to serve as fronts for 1Byte. Their forged documents, including passports, driver’s licenses, and Social Security cards, allowed 1Byte to funnel illicit customer payments into their bank accounts. These fake identities were meticulously crafted, complete with photoshopped faces and fabricated personal information. Through this elaborate charade, 1Byte managed to keep its true identity hidden while reaping the profits.

Dulce and Benjamin played crucial roles in 1Byte’s financial success. In the early years, PayPal served as the primary payment processor for TheTruthSpy. Customers would purchase the software through various branded spyware websites, and the money would flow into PayPal accounts under Dulce and Benjamin’s names, which were actually controlled by 1Byte. Dulce alone netted $239,000 in 2016 and $886,000 in 2017, while Benjamin consistently earned tens of thousands of dollars each month selling other cloned stalkerware apps.

As TheTruthSpy’s popularity grew, PayPal’s systems began flagging transactions and restricting access to 1Byte’s accounts. To overcome this obstacle, 1Byte employed various tactics, including using multiple PayPal accounts and offering full-year subscriptions to customers in exchange for resolving disputes. These strategies helped keep the money flowing, but 1Byte realized that relying solely on PayPal was not a sustainable solution.

1Byte recognized the need to process customer payments through credit cards to meet growing demand. However, credit card processors viewed spyware as a high-risk product due to its association with illegal activities. To circumvent this issue, 1Byte established partnerships with smaller payment facilitators known to work with riskier products. This allowed them to accept credit card payments, albeit with higher fees. Yet, some payment processors eventually caught on and terminated their agreements with 1Byte.

To maintain control over the payment process, 1Byte developed its own checkout website called Affiligate. Disguised as a marketplace for app developers, Affiligate served as a front for selling TheTruthSpy and its cloned apps. Behind the scenes, 1Byte employees created fake marketplace accounts and utilized their personal email addresses, inadvertently compromising the security of their own site. Affiligate relied on an outside company, Stripe, to handle credit card processing, enabling 1Byte to continue its operations.

TheTruthSpy’s operation remained hidden for years, with its vast trove of compromised phone data hosted in Texas web hosting data centers. However, a massive cache of files, including customer information, was leaked, exposing the inner workings of 1Byte’s surveillance ring. The leaked data shed light on the company’s financial spreadsheets, customer transactions, and the individuals who purchased the stalkerware. This breach also revealed 1Byte’s security lapses, including a potential ransomware attack and the exposure of its handlers’ identities.

Stalkerware, including TheTruthSpy, poses a significant threat to individuals’ privacy and security. While possession of such software is not illegal, using it to record calls and private conversations without consent violates federal and state laws. The authorities have taken action against stalkerware operators, but overseas operators like 1Byte remain largely out of their jurisdictional reach. TheTruthSpy continues to operate unabated, putting countless victims at risk of having their personal information fall into the wrong hands.

If you suspect that your phone has been compromised by TheTruthSpy or any other stalkerware, there are steps you can take to protect yourself. Utilize the free lookup tool provided by TechCrunch to check if your phone has been compromised. If confirmed, follow their guide on how to remove the spyware from your device. However, be aware that removing the spyware may alert the person who planted it.

In summary, TheTruthSpy, a dark player in the world of stalkerware, has managed to operate covertly for years, exploiting vulnerabilities in the financial system and leveraging fake identities to conceal its true nature. While steps have been taken to combat stalkerware, the battle against such invasive surveillance tools is far from over. It is crucial for individuals to remain vigilant, protect their digital privacy, and stay informed about emerging threats like TheTruthSpy. With continued awareness and collective action, we can strive for a safer and more secure digital landscape.

First reported on TechCrunch

Frequently Asked Questions

Q. What is TheTruthSpy, and how does it operate as a stalkerware?

TheTruthSpy is a collection of Android surveillance apps categorized as “stalkerware.” These apps compromise individuals’ phones, allowing unauthorized access to private data, call recordings, and conversations without their knowledge or consent. TheTruthSpy is developed by the Vietnam-based startup 1Byte and has been a lucrative venture since 2016.

Q. How does 1Byte evade detection while profiting from selling spyware?

1Byte employs an intricate scheme involving fake American identities, forged passports, and manipulated financial systems. Two fictitious sellers named Benjamin and Dulce serve as fronts for the company, allowing them to funnel illicit customer payments into their bank accounts. Through this elaborate charade, 1Byte has successfully kept its true identity hidden while reaping significant profits.

Q. How did 1Byte process customer payments initially, and what challenges did they face?

In the early years, PayPal served as the primary payment processor for TheTruthSpy. However, PayPal’s systems began flagging transactions and restricting access to 1Byte’s accounts. To overcome this, 1Byte used multiple PayPal accounts and offered full-year subscriptions to resolve disputes. Yet, relying solely on PayPal was not sustainable.

Q. How did 1Byte manage credit card payments despite the high risk associated with spyware products?

Credit card processors viewed spyware as high-risk due to its association with illegal activities. To overcome this, 1Byte partnered with smaller payment facilitators known to work with riskier products. This allowed them to accept credit card payments, although with higher fees. However, some payment processors eventually caught on and terminated their agreements.

Q. How did 1Byte establish control over the payment process through Affiligate?

1Byte developed its own checkout website, called Affiligate, disguised as a marketplace for app developers. It served as a front for selling TheTruthSpy and its cloned apps. Behind the scenes, 1Byte employees created fake marketplace accounts and used their personal email addresses. Affiligate relied on an outside company, Stripe, to handle credit card processing, enabling 1Byte to continue operations.

Q. What exposed the inner workings of 1Byte’s surveillance ring?

A massive cache of files, including customer information, was leaked, shedding light on the company’s financial spreadsheets, customer transactions, and the individuals who purchased TheTruthSpy. This breach also revealed security lapses, including a potential ransomware attack and the exposure of 1Byte’s handlers’ identities.

Q. Is stalkerware illegal, and what actions have been taken against stalkerware operators?

Possessing stalkerware is not illegal, but using it to record calls and private conversations without consent violates federal and state laws. Authorities have taken action against stalkerware operators, but overseas operators like 1Byte remain largely out of their jurisdictional reach.

Q. How can individuals protect themselves from stalkerware like TheTruthSpy?

Individuals can use TechCrunch’s free lookup tool to check if their phones have been compromised by TheTruthSpy or any other stalkerware. If confirmed, TechCrunch provides a guide on how to remove the spyware from the device. However, be aware that removing the spyware may alert the person who planted it.

Q. How can we combat the threat of stalkerware and protect digital privacy?

The battle against invasive surveillance tools like TheTruthSpy requires continued awareness and collective action. Individuals must remain vigilant, protect their digital privacy, and stay informed about emerging threats. By working together, we can strive for a safer and more secure digital landscape.

Deanna Ritchie

Managing Editor at ReadWrite

Deanna is the Managing Editor at ReadWrite. Previously she worked as the Editor in Chief for Startup Grind and has 20+ years of experience in content management and content development.