
TechCrunch has uncovered a concerning development in consumer-grade spyware: a stealthy Android monitoring app that employs password-protected uninstallation to prevent removal.

This app, which abuses built-in Android features like overlay permissions and device admin access, exemplifies the escalating technical sophistication of stalkerware tools designed for covert surveillance.

While rebooting into “safe mode” allows removal, the app’s persistence highlights broader challenges in combating non-consensual tracking and the ethical risks of surveillance technologies marketed for parental or employee monitoring.

Password-Protected Uninstall Mechanism Reveals New Spyware Tactic

The newly identified spyware app exploits Android’s accessibility features to lock users out of the uninstallation process.

Once installed—typically by someone with physical access to the device—the app activates an overlay permission, enabling it to display a persistent password prompt whenever the victim attempts to uninstall it via settings.

The password is set by the installer, effectively granting them exclusive control over the app’s removal.

This mechanism transforms the spyware into a digital lockbox, trapping victims under continuous surveillance unless they discover workarounds.

Compounding the issue, the app leverages Android’s “device admin” privilege—a feature intended for enterprise device management—to gain broad access to data such as texts, photos, and real-time location.

By masquerading as a system app named “System Settings” and hiding its icon, the spyware evades casual detection.

Victims might only notice anomalies by reviewing device admin settings or installed apps, but the password prompt blocks even these avenues unless circumvented.
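A triage sketch for the traits described above, added here as an example and not taken from TechCrunch or the original article: it scores an app inventory for the combination of a system-looking name on a sideloaded app, device admin, overlay permission, and a hidden icon. The record fields, package names, label list, and threshold are hypothetical; a real inventory would have to be collected from the device and mapped into this shape.

```python
"""Triage an Android app inventory for the stalkerware traits described above.

All field names and sample records are constructed for illustration.
"""

# Labels that imitate system components; the article's example is
# "System Settings". The other entries are assumed lookalikes.
SYSTEM_LOOKING_LABELS = {"system settings", "settings", "system service", "system update"}


def indicators(app):
    """Return the indicator names that fire for one app record."""
    # Apps shipped on the system partition are out of scope for this check.
    if app.get("system_partition", False):
        return []
    hits = []
    if app.get("label", "").strip().lower() in SYSTEM_LOOKING_LABELS:
        hits.append("system-looking label on third-party app")
    if app.get("device_admin", False):
        hits.append("active device admin")
    if app.get("overlay_granted", False):
        hits.append("draw-over-other-apps granted")
    if not app.get("launcher_icon", True):
        hits.append("no launcher icon")
    if app.get("installer") is None:  # assumption: None means sideloaded
        hits.append("no store installer recorded")
    return hits


def triage(inventory, threshold=3):
    """Return {package: [indicators]} for apps with at least `threshold` hits."""
    flagged = {}
    for app in inventory:
        hits = indicators(app)
        if len(hits) >= threshold:
            flagged[app["package"]] = hits
    return flagged


# Constructed sample inventory (package names are hypothetical).
SAMPLE = [
    {"package": "com.android.settings", "label": "Settings", "system_partition": True, "installer": None},
    {"package": "com.example.mdm.agent", "label": "Company Portal", "device_admin": True, "installer": "com.android.vending"},
    {"package": "com.example.chatheads", "label": "Chat Heads", "overlay_granted": True, "installer": "com.android.vending"},
    {"package": "com.example.sysset", "label": "System Settings", "device_admin": True, "overlay_granted": True, "launcher_icon": False, "installer": None},
]

if __name__ == "__main__":
    for pkg, hits in triage(SAMPLE).items():
        print(pkg, "->", "; ".join(hits))
```

A flagged package is a lead to review, not a verdict: legitimate enterprise agents also hold device admin, which is why a single indicator does not meet the default threshold.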

Safe Mode Workaround Offers Escape Route for Affected Users

TechCrunch confirmed that rebooting an infected device into safe mode disables third-party apps, including the spyware, allowing removal without triggering the password prompt.

The process involves holding the power button, long-pressing the “power off” option, and selecting “reboot to safe mode.”

Once in safe mode, users can navigate to device admin settings, deactivate the spyware, and uninstall it permanently.

Testing on virtual Android devices verified this method’s efficacy, though steps may vary slightly across manufacturers.

Crucially, removing the app alerts the installer, underscoring the need for safety planning before taking action.

Victims are advised to secure their devices post-removal by updating passwords, enabling two-factor authentication, and restricting physical access.

Stalkerware Ecosystem Thrives Despite Legal and Ethical Concerns

This spyware is part of a proliferating stalkerware market that conflates legitimate monitoring with invasive surveillance.

Vendors often market these tools to parents and employers but simultaneously promote them for spying on partners—a practice illegal in many jurisdictions.

The apps typically avoid Google Play Store distribution, relying instead on sideloading by abusers who have temporary access to the victim’s device.

Legal frameworks struggle to keep pace with these technologies. While the U.S. Federal Trade Commission has penalized stalkerware companies like Support King, enforcement remains inconsistent globally.

Advocacy groups like the Coalition Against Stalkerware emphasize technical countermeasures and victim support, but the ease of app deployment and the lack of platform-level safeguards perpetuate the crisis.

TechCrunch’s findings underscore the urgent need for stronger Android protections, such as restricting overlay permissions and device admin access to verified enterprise apps.

Until then, user vigilance and tools like safe mode remain critical defenses against these increasingly sophisticated invasions of privacy.


Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
