Creepy, sketchy stalkerware vendor get hacked, announced bug-bounty program

Flexispy (previously) is the creepy, sketchy stalkerware company that makes tools that allow jealous, abusive spouses track their partners, and then hides their profits in offshore money-laundries.


Flexispy has been repeatedly hacked, most recently in an attack that saw the sourcecode for its flagship product dumped online.

In response, the company has announced a bug-bounty program to locate and remediate bugs that expose its customers — who themselves exploit unpatched bugs in browsers, operating systems and other code to spy on their victims.


On Monday, the official FlexiSpy Twitter account tweeted that the released files date from 2011, and mentioned that links to more up to date versions of the malware are included in the Medium post.

The FlexiSpy hackers, who call themselves The Decepticons and one of which goes by the handle Leopard Boy, in reference to the 1995 cult film Hackers, said the tweet announcing the bug bounty didn't come from them.

"It's definitely not [us]," Leopard Boy told Motherboard in an online chat, as the hackers were allegedly unable to gain access to FlexiSpy's main Twitter account.


You Can Now Get Paid to Hack Spyware Vendor FlexiSpy
[Joseph Cox/Motherboard]