PCTattletale Stalkerware Found Leaking Recordings To Web


An independent researcher claims that the commercial-grade spyware tool PCTattletale was found to leak live screen recordings/screenshots to the internet, making them accessible to anyone and not just the app’s intended users.

The PCTattletale stalkerware sees wide usage and has been discovered on hotel guest check-in computers, corporate systems and computers employed by law firms across the United States.

The app promotes itself to parents, spouses/partners and enterprises with the promise of discreet real-time monitoring and easy installation.

PCTattletale Stalkerware Reportedly Leaks Screen Recordings

The PCTattletale spyware tool primarily advertises itself to parents concerned about their children's social media usage and to businesses aiming to monitor employees, claiming to offer a window into children's online world and into disruptions to employees' daily workflow.

The tool is available for installation on both Windows and Android operating systems. While the site claims this tracking is safe, Eric Daigle, an independent security researcher, claims to have discovered a flaw in the spyware’s API that allows attackers to obtain the most recent screen capture on devices with the tool installed.

Reached by the Cyber Express Team, Daigle shared some additional details on the purported vulnerability. The researcher said the tool allows users to sign up on the website, after which they are given custom .exe or .apk files to install on the target’s device.

The customized file is hardcoded with the user’s credentials, Daigle said, simplifying the installation process to essentially two clicks, with the only other real input being the acceptance of the permission requests required to successfully capture the screen.

After the installation process, the spyware’s user can access their account on the website to trigger or access screen captures. However, Daigle said the recordings he observed weren’t video files but static screenshots taken a few seconds apart, which are stitched together and played in the form of a .GIF file to produce the desired recording of the target.

Daigle said many U.S. hotels, corporate computers and at least two law firms appeared to be compromised and vulnerable to the flaw. However, the researcher expressed his desire to keep further details about victims anonymous for privacy purposes, along with details on exploiting the flaw to prevent potential attackers from taking advantage.

However, the researcher was unclear on whether the software was installed by corporate owners, a use case advertised on the PCTattletale website, or whether the installation was done by other actors. The researcher highlighted the serious consequences and potential impact of leaking live screen recordings, such as the leak of sensitive personal information, financial information, or the capture of passwords.

The researcher said he had contacted the spyware vendor about the vulnerability but was ignored. He indicated that he would be ready to do a full write-up of the flaw once it had been patched. The PCTattletale site appeared to be down at the time of publishing this article.

Spyware/Stalkerware Tools Remain a Major Concern

Spyware tools pose serious inherent risks aside from their intended purposes, as they could be exploited to violate the privacy of all kinds of individuals or groups.

In 2023, researchers observed a Spanish spyware vendor’s tools employing multiple zero-days and n-days in its exploit chain, and delivering the spyware module through the use of one-time links in SMS messages. These tools were used against targets in the United Arab Emirates (UAE).

Last month, Apple issued notifications to users in 92 different countries to alert them of mercenary spyware attacks. In the same month, the United States government issued several visa restrictions on individuals identified as being connected to or profiting from the usage/proliferation of commercial spyware.

In its notice, the U.S. government cited its concerns over the usage of these apps to facilitate human rights abuses or counter-intelligence efforts as justification for issuing these restrictions. Several of these concerns are also shared by privacy-advocating individuals, groups such as the Coalition Against Stalkerware and non-profit organizations such as the U.S. National Cybersecurity Alliance.

The National Cybersecurity Alliance defines the use of these tools against targets as a form of abuse on its Stay Safe Online website.
