InfoSecBulletin Cybersecurity for mankind
A new Android spyware tool is for sale on the internet. It has more risks than just its tracking features. For a price, anyone can buy it, add their name and logo, and sell it as their own. The tool is named KidsProtect. It looks like a parent monitoring app, but it really isn’t about keeping kids safe.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Once it’s on a target device, it works quietly in the background. This gives the operator full control of the victim’s phone without the victim knowing. It works on Android 7 and newer, says it supports Android 16, and costs $60 for a subscription.
A different white-label package allows buyers to change its brand completely and sell it under their own name and prices. Certo analysts found KidsProtect advertised openly on a regular hacking forum, which is a strange place for a tool that says it protects kids.
The developer seems to speak Greek based on their forum profile and screenshots in the app.
KidsProtect tries very hard to stay hidden on a device. After you install it, you won’t see its real name. It appears as “WiFi Service” or “WiFiService Installer,” a typical name that most users wouldn’t notice right away.
The app’s package name, com.example.parentguard, raises immediate red flags for anyone with software development knowledge.
The “com.example” prefix is a stand-in used in beginner coding guides and rarely shows up in real software sold to customers. Its use here indicates a clear choice to keep the app’s identity hidden.
Certo researchers obtained and analyzed the APK file, confirming the app requests an extensive list of Android permissions including ACCESS_BACKGROUND_LOCATION, RECORD_AUDIO, CAMERA, READ_SMS, READ_CALL_LOG, and READ_CONTACTS, among many others.
If the package name com.example.parentguard is found on any device, it should be seen as a clear infection and reported right away.
Indicators of Compromise:
Package Name: com.example.parentguard
SHA-256 Hashes:
9864db6b5800d9e03b747c46fdef988e035cadde83077a41c5610d5d89f753a0
1b1d9b260deec0c612ec67579fd36fec7722b2b8446ab32284a08f44f4ea64da
f4e9733d93ce35ecd3c83f18addf77f8ff49444d09847eaeef9c8e87837d0165
17817d9e29920493bb20ed626c3026e3c29eb6f1d56ef9462c306066ce2ad171
f0d01b28ddfdbefe0697994a6b30f2b8a4e39ef1ad6c9427b921b2ccd945a8c5
