TheTruthSpy, an infamous Android-based stalkerware, has once again come under scrutiny after a new vulnerability was uncovered. A security researcher found that the app’s servers contain a flaw that could allow attackers to compromise any user account.
The spyware works by being secretly installed on a victim’s Android device, where it collects sensitive information such as calls, texts, GPS location, files, and activity from messaging apps. This data is then transmitted to a central server. However, recent findings revealed that anyone could reset the password of any account, effectively taking control of that victim’s data.
Security researcher Swarang Wade demonstrated the flaw to TechCrunch by successfully resetting test account credentials. For security reasons, the technical details of the exploit remain undisclosed.
Unfortunately, this is not the first time TheTruthSpy has suffered major breaches:
- 2018: Hackers gained full access to its servers.
- 2019: Photos of children taken from infected devices were leaked online.
- 2024: Researchers discovered another unpatched flaw exposing all stored data.
The vendor behind the software, Vietnam-based 1Byte Software, claims that users must obtain consent before installation. Yet, its own marketing emphasizes a “stealth mode,” making the app invisible to victims. While the company promotes the app as a parental control tool, the risks extend far beyond that, with many abusers deploying it against partners or stalking victims.
Once installed, the spyware can monitor private communications, photos, social media activity, emails, and browsing history, record audio, and even log keystrokes, all without the victim’s knowledge.
1Byte Software’s owner, Van (Vardy) Thieu, admitted to TechCrunch that the source code had been lost, and that a new version was being developed. However, researchers noted the continued use of the same insecure software libraries, suggesting ongoing risks.
These repeated vulnerabilities underscore the broader dangers of stalkerware. Not only do such apps violate privacy, but the lack of accountability among their operators makes them even more hazardous.
How to Detect and Remove Stalkerware from Your Device
If you suspect that stalkerware may be installed on your phone, TechCrunch’s guide and resources from the Coalition Against Stalkerware (of which Malwarebytes is a founding member) are recommended. The coalition also provides region-specific support links for domestic violence victims.
It is important to note that removing stalkerware may alert the person monitoring you. Since these apps often hide under different names and remain invisible, detection can be difficult.
One solution is to use Malwarebytes for Android:
- Open Malwarebytes on your Android device.
- Navigate to the dashboard.
- Tap Scan now.
- Wait a few minutes for the scan to complete.
If threats are detected, you can choose to:
- Uninstall – permanently remove the spyware.
- Ignore Always – whitelist files you recognize as safe.
- Ignore Once – skip detection for now, but rescan later for confirmation.
TheTruthSpy’s repeated flaws highlight a critical lesson: stalkerware not only violates privacy but also poses severe risks to victims due to poor security practices. Strong cybersecurity measures, awareness, and protective tools remain essential in combating these threats.