Stalkerware developers are facing increasing legal pressure, with several high-profile platforms shut down by court order in recent years.
Certo has discovered a new Android surveillance tool being openly advertised on the clear web that gives an operator near-total secret control of a victim’s phone. It can’t be removed without the attacker’s permission. And for a fee, anyone can buy it, brand it, and start selling it as their own.
The tool, branded KidsProtect, is an Android Remote Access Trojan (RAT) that, once installed on a target device, operates entirely in the background without the owner’s knowledge.
From a web-based dashboard, an operator can secretly record calls, stream live audio from the device’s microphone, track GPS location in real time, read SMS messages and notifications from apps including WhatsApp and Viber, log keystrokes, access contacts and photos, and remotely trigger the front and rear cameras.
Indicators of Compromise (5 / 73 total)
References (13)
The New Hacking Tool That Lets Anyone Launch Their Own Spyware Company | Article by Sophia Taylor, a Senior Cybersecurity Writer at Certo
https://www.certosoftware.com/insights/the-new-hacking-tool-that-lets-anyone-launch-their-own-spyware-company/
Android permissions below:
ACCESS_BACKGROUND_LOCATION, RECORD_AUDIO, CAMERA,
PROCESS_OUTGOING_CALLS, READ_CONTACTS, PACKAGE_USAGE_STATS,
MANAGE_EXTERNAL_STORAGE, READ_SMS, READ_CALL_LOG
The app’s package name: com.example.parentguard
The app requests the SYSTEM_ALERT_WINDOW and REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permissions.
A BootReceiver component ensures the spyware restarts automatically every time the device is rebooted.
com.example.parentguard
The software is sold on a subscription basis starting from $60.
Sophia Taylor, a Senior Cybersecurity Writer at Certo; digital security, privacy, and emerging threats expert.
Additional research by Q.Vashti
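
A triage sketch for the traits listed in the references above, added here as an example and not code from Certo or the pulse author: it scores a decoded AndroidManifest.xml on the listed permissions plus a boot-time receiver, because a rebranded build may not keep the package name. The names `triage`, `sample_manifest`, the `MIN_PERMS` threshold, the `android.permission.` prefix and the `BOOT_COMPLETED` intent filter are assumptions, and the sample manifests are constructed.

```python
import xml.etree.ElementTree as ET  # for untrusted APKs prefer defusedxml (third-party)

NS = "http://schemas.android.com/apk/res/android"
ANDROID = "{" + NS + "}"
# Permissions named on this page (android.permission. prefix assumed).
PAGE_PERMS = {
    "ACCESS_BACKGROUND_LOCATION", "RECORD_AUDIO", "CAMERA",
    "PROCESS_OUTGOING_CALLS", "READ_CONTACTS", "PACKAGE_USAGE_STATS",
    "MANAGE_EXTERNAL_STORAGE", "READ_SMS", "READ_CALL_LOG",
    "SYSTEM_ALERT_WINDOW", "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
}
PAGE_PACKAGE = "com.example.parentguard"  # package name given on this page
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"  # assumed trigger of the BootReceiver
MIN_PERMS = 6  # hypothetical review threshold, tune against your own app inventory


def triage(manifest_xml):
    """Score a decoded AndroidManifest.xml against the traits listed on this page."""
    root = ET.fromstring(manifest_xml)
    requested = {
        el.get(ANDROID + "name", "").rsplit(".", 1)[-1]
        for el in root.iter("uses-permission")
    }
    matched = sorted(requested & PAGE_PERMS)
    # Receivers whose intent filter fires on boot (the restart-after-reboot trait).
    boot_receivers = [
        rc.get(ANDROID + "name", "")
        for rc in root.iter("receiver")
        if any(a.get(ANDROID + "name") == BOOT_ACTION for a in rc.iter("action"))
    ]
    package = root.get("package", "")
    known = package == PAGE_PACKAGE
    return {
        "package": package,
        "matched_permissions": matched,
        "boot_receivers": boot_receivers,
        "known_package": known,
        "review": known or (len(matched) >= MIN_PERMS and bool(boot_receivers)),
    }


def sample_manifest(package, perms, boot_receiver=None):
    """Build a constructed manifest for demonstration (not taken from any real APK)."""
    body = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    if boot_receiver:
        body += (f'<application><receiver android:name="{boot_receiver}"><intent-filter>'
                 f'<action android:name="{BOOT_ACTION}"/></intent-filter></receiver></application>')
    return f'<manifest xmlns:android="{NS}" package="{package}">{body}</manifest>'
```

A `review` result is a prompt for manual inspection, not a verdict: legitimate parental-control and backup apps can request a similar permission set.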