A threat actor is selling an authentication bypass vulnerability for a phone stalkerware website. It is claimed that with this vulnerability one will be able to log into any account and access sensitive information such as pictures, messages, calls, contacts and so on. The threat actor also shared a sample in the forum post.
The threat actor is selling the exploit POC to scrape basic information of every user account and the method to log into any account. For these, the threat actor is asking for $7500 but it is stated that negotiations are available. The threat actor accepts escrow for the deal.
The post Vulnerability for a Phone Stalkerware is for Sale on a Dark Web Forum appeared first on Daily Dark Web.