A year after the Federal Trade Commission banned the company, it's back in the news.
The FTC banned Support King, the parent company of the stalkerware app SpyFone, and its CEO Scott Zuckerman from the industry. The order, unanimously approved by the regulators, demanded that Support King remove the phone data it illegally collected and notify victims that its app was secretly installed on their device.
Stalkerware, or spouseware, are apps that are secretly planted by someone with physical access to a person's phone, often under the guise of family tracking or child monitoring, except that these apps are designed to stay hidden from home screens.
Thousands of people's phone data are at risk of further compromise due to security flaws in many stalkerware apps.
The FTC banned Support King and its CEO Zuckerman from offering, distributing, promoting, or otherwise assisting in the sale of spy apps after SpyFone spilled the personal data of more than 2,000 victims.
The internal server of a stalkerware app called SpyTrac is run by developers with ties to Support King.
With more than 1.3 million compromised devices, SpyTrac is one of the biggest known activeAndroid stalkerware operations. The U.S. visitors to the website are blocked with a message saying that their country is not supported.
The ability to stay hidden on a victim's device is one of the things SpyTrac is known for. The people running the operation are likely to shield the developers from legal risks associated with running a stalkerware operation.
According to the data and other public records, Support King and Aztec Labs build and maintain the SpyTrac stalkerware operation. The Spanish-language stalkerware app Espa Mvil is maintained by Aztec Labs.
Some of the data on the server is connected to Support King.
One of the server files contained a set of Amazon Web Services private keys that allowed access to cloud storage associated with Support King and GovAssist, websites that claim to help immigrants obtain U.S. visas and permanent residency permits. OneClickMonitor, a clone stalkerware app, was shut down at the same time as SpyFone.
Scott Zuckerman is the CEO of Support King and Gov Assist.
Zuckerman said that they were looking into the claims that the internal data of SpyTrac was storing keys for S3 buckets. All provisions of the FTC order will be complied with by us.
The FTC banned Support King's spy app SpyFone a year ago. The image is from the screen shot of TechCrunch.
At least two Aztec Labs developers are logging in to the server using different credentials, but each from the same address, according to access logs. The developers used credentials associated with Aztec Labs and Support King to log in to their account.
Aztec Labs has a technical lead who lives in Sarajevo. He listed his work as a program manager at Support King in his other public portfolios.
Zuckerman's latest venture, GovAssist, is being worked on by the technical lead and other SpyTrac developers, as well as other people.
The access logs show a third developer logging in to the server from their home address in Sarajevo with different email addresses.
Zuckerman said that neither he nor any of his businesses were associated with Aztec Labs, SpyTrac or the technical lead who worked for Support King. We don't have access to the server.
The stalkerware app was banned by the FTC.
SpyFone issued its last customer license just days before it was banned by the FTC. The SpyFone name was sold to another company. Customers trying to log in to SpyFone's web dashboard were directed to SpyPhone's website.
Support King was ordered by the FTC to remove the data it collected from SpyFone. Thousands of records associated with the email addresses of buying customers are contained in the internal SpyTrac data.
A Support King email address was used to sell every SpyFone license.
Security researchers Vangelis Stykas and Felipe Solferini spent months researching security flaws in several stalkerware families like SpyTrac. They used public internet data to map out their server infrastructure and decompiling the apps. They have evidence that supports Support King.
Zuckerman said that support king deleted all data in its server that was connected to OneClickMonitor and SpyFone.
Zuckerman was contacted by TechCrunch and the website went down with a message saying the product was temporarily unavailable. The websites for Espa Mvil and stealthX pro went offline. The website stopped working.
There is a notice on the website. The image is from the screen shot of TechCrunch.
It is difficult to deal with stalkerware. It is difficult for regulators to know where these operations are located.
The first ever action by the FTC against a stalkerware operator was taken in 2020. Support King was the second action taken by the FTC.
Civil fines can be imposed on companies that violate FTC orders. The FTC ordered the social networking site to pay $150 million for violating an order.
Much of the effort against stalkerware has been taken up by the tech industry, which has banned stalkerware applications. Advertisers were banned from appearing in the search results that promoted stalkerware. Anti-malware providers who are members of the Coalition Against Stalkerware share signatures of known stalkerware apps and networks to block them from working on their customers' phones.
The evidence points to a likely violation of the FTC's ban according to a former FTC attorney. The FTC will decide if Support King broke its agreement.
A spokesman for the FTC wouldn't comment when contacted.
The National Domestic Violence Hotline is available to help victims of domestic abuse. If you need help, call the emergency number. If you think your phone has been compromised by a piece of software, you can get help from the Coalition Against Stalkerware. You can get in touch with this reporter by email or by phone.
You can read more.
FTC bans spyware maker SpyFone, and orders it to notify hacked victims