The Spy in Your Pocket
Celular 007 went from parental control to unrestrained surveillance.
A Brazilian spyware app designed to monitor children became a massive illegal surveillance tool, spying on over 100,000 phones including politicians, journalists , and ordinary citizens.
A hacker group breached the servers of the spyware app “Celular 007”, uncovering a trove of illegal surveillance data – thousands of conversations that had been illegally intercepted through the app – and shared this material with DDoSecrets, an organization specializing in publishing, archiving, and analyzing leaked data sets. DDoSecrets, in turn, sent the data to InterSecLab, which analyzed and compiled the leaked data at the request of piauí.
The data analyzed reveals that between January 2015 and May 2024, at least 116,079 cell phones were monitored by 105,897 users of the app mostly in Brazil.
Allan de Abreu, journalist from the Brazilian magazine piauí, wrote an article revealing that the Celular 007 was used to conduct illegal espionage, including against mayors.
A case study in illegal surveillance
Piaui’s story begins with the case of a music promoter who had his private WhatsApp messages intercepted after organizing a party during the pandemic. This wasn’t a legal wiretap; it was espionage enabled by Celular 007, an app sold as parental control software but functioning as a powerful tool for illegal spying, widely used to do clandestine police investigations, stalking, and espionage of all kinds.
To use the app, users must register an email address. The data leak revealed email accounts belonging to Brazilian court officials, public servants and police officers linked to Celular 007. Politicians and their advisors were also victims of surveillance, with their WhatsApp conversations being monitored by third parties.
In Brazil, an app like Celular 007 is only permitted by law in cases where a parent is monitoring their children, and even that must be. Otherwise, it is illegal. But the marketing appeal of this tool also includes in their website monitoring for relationships “Toxic relationship. Find out if your partner is cheating on you. Discover the truth right now”. And suggests employers to supervise employees. “Monitor your employees, keep track of their productivity, and quickly identify breaches of corporate policy!”.
Easy access, low cost
The company created a purchasing process with no need for detailed user registration, and it is a cheap tool, costing only R$ 209 (less than US$ 40) for the starting price of 15 days.
Once activated, the app allows users to monitor, through a web page, all actions performed on the cell phone, including the content of private conversations in applications such as WhatsApp and Instagram. Through the app it is also possible to turn on the microphone and camera, as well as track the device’s location in real time.
InterSecLab analysis
“Spyware programs such as Celular 007 proliferate on the internet without any control. And they are poorly designed, fragile programs from an information security standpoint”, says Marla Rivera, director of InterSecLab, in an interview given to piauí.
“Victims thus suffer a double violation: they are monitored without consent and also run the risk of having their personal data exposed publicly.”
InterSecLab conducted a technical analysis of the Celular 007 in the report “Unveiling Celular 007: An In-Depth Analysis of Brazilian Stalkerware and Strategies for Collective Protection” with some strategies to deal with the threat, translated into Portuguese and Spanish.
Recommendations
We recommend being cautious when sharing cell phone passwords with other people, this is the primary mistake that usually opens the door to invasive apps such as Celular 007.
“People should be more aware of the risks they face on a daily basis.” says Rivera.
Read the full article (in Portuguese)
“O aplicativo que espionou 100 mil celulares – e continua em atividade”.