
A Stalkerware Firm Is Leaking Real-Time Screenshots of People's Phones Online

pcTattleTale, which markets itself for monitoring spouses without their consent, lets anyone view screenshots of infected devices by just visiting specific URLs.

A stalkerware company whose software is designed to let customers spy on their spouses', children's, or employees' devices is exposing victims' data, allowing anyone on the internet to see screenshots of phones simply by visiting a specific URL.

The news highlights the continuing lax security practices that many stalkerware companies use; not only do these companies sometimes market their tools specifically for illegal surveillance, but the targets are re-victimized by these breaches. In recent years the Federal Trade Commission (FTC) has acted against stalkerware companies for exposing victim data.


The stalkerware company, called pcTattleTale, offers the malware for Windows computers and Android phones.

"Discover their secret online lives right from your phone or computer," a Facebook post from pcTattleTale reads. "pcTattletale is a popular keylogger and montoring [sic] app that you can use to see what you [sic] kids, spouse, or employees are doing online."

Do you work for a stalkerware company? Do you know about any other data breaches of stalkerware companies? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

Security researcher Jo Coscia showed Motherboard that pcTattleTale uploads victim data to an AWS server that requires no authentication to view specific images. Coscia said they found this by using a trial version of the stalkerware. Motherboard also downloaded a copy of the trial version of pcTattleTale and verified Coscia's findings.

The URL for images that pcTattleTale captures is constructed with the device ID—a code given by pcTattleTale to the infected device that appears to be sequentially generated—the date, and a timestamp. Theoretically, an attacker may be able to churn…
Joseph Cox