A trio of phone surveillance apps, which was caught spying on millions of people’s phones earlier this year, has gone offline.
Cocospy, Spyic, and Spyzie were three near-identical but differently branded stalkerware apps that allowed the person planting one of the apps on a target’s phone access to their personal data — including their messages, photos, call logs, and real-time location data — usually without that person’s knowledge.
Stalkerware apps, like Cocospy and its clones, are designed to stay hidden from device home screens, making the apps difficult to detect by their victims but all the while making the phone’s contents continually available to the person who planted the app.
In February, a security researcher told TechCrunch that the apps share the same security flaw that allowed anyone to access the personal data of any device with one of the apps installed. The flaw also revealed the scale of the spying operations behind these apps by exposing the email address of every user who signed up to these spyware services with the intention of planting the spyware on someone’s phone.
The researcher used the bug to scrape 3.2 million email addresses of Cocospy, Spyic, and Spyzie customers who had signed up, and provided those email addresses to the data breach notification site Have I Been Pwned.
Following our reporting on the breach, the stalkerware apps have since stopped working, their websites disappeared, and their Amazon-hosted cloud storage was deleted, TechCrunch has found.
It’s not clear for what reason the stalkerware operations were shuttered. The operators could not be reached for comment.
Consumer-grade phone surveillance operations are known to shut down (or rebrand entirely) following a hack or data breach, typically in an effort to escape legal and reputational fallout. LetMeSpy, a spyware developed out of Poland, confirmed its “permanent shutdown” in August 2023 after a data breach wiped out the developer’s servers. U.S.-based spyware maker pcTattletale went out of business and shut down in May 2024 following a hack and website defacement.
Cocospy, Spyic, and Spyzie are among the most recent apps in a growing list of dozens of phone surveillance operations that have been hacked or otherwise exposed their victims’ data as a result of shoddy coding or poor security practices. By TechCrunch’s count, at least 25 stalkerware operations have been breached since 2017, with at least 10 of those operations — including Cocospy — shutting down in the wake of a breach.
Phone monitoring apps like Cocospy are often sold under the guise of parental control or tracking software, but are also referred to as “stalkerware” (or spouseware) for their propensity to be misused — or explicitly marketed — for spying on a person’s spouse or partner without their consent, which is illegal.
As such, stalkerware apps are banned from app stores and are not allowed to advertise on search engines. Web hosts like Amazon, which hosted the stalkerware operations’ cache of stolen victims’ phone data, also claim to prohibit surveillance operations from using its platform.
Although the trio of Cocospy apps now appears non-operational and its servers are offline, affected individuals should still take action to remove the spyware from their phones.
To detect Cocospy, Spyic, and Spyzie on your Android phone, you can generally enter ✱✱001✱✱ on your phone app’s keypad and then press the “call” button. This backdoor feature prompts the hidden stalkerware apps to appear on-screen if they are installed.
From here, you can delete the malicious app, which appears as a generic-looking app called “System Service,” from your device.
—
If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware has resources if you think your phone has been compromised by spyware.
