Bryan Fleming, the founder of pcTattletale, a covert software program used to remotely spy on the devices of wayward spouses, pleaded guilty in California federal court on Tuesday for illegally peddling the spyware to thousands of customers.
-
The founder of pcTattletale pleaded guilty to illegally advertising and selling covert spyware under the federal Wiretap Act.
-
The software was marketed for secretly monitoring partners, enabling almost real-time remote access to messages, calls, location data, and on-screen activity.
-
Researchers had previously flagged major security flaws that exposed millions of victim screenshots and backend systems.
Fleming pleaded guilty Tuesday to one count under Title 18, US Code § 2512(1)(b), part of the federal Wiretap Act, which prohibits the manufacture, sale, advertising, or possession of devices or software designed primarily to secretly intercept electronic communications.
The case highlights growing scrutiny of stalkerware vendors as federal authorities increasingly move to hold software developers accountable for how commercially available surveillance tools are marketed and used.
For example, pcTattletale was marketed as an “employee and child monitoring software” even though it was often abused to spy on partners, employees, or other private individuals without consent.
pcTattletale is the only solution that makes “YouTube” like videos of their every tap or click. Just watch the recordings from your phone or computer using your secure pcTattletale account as they live their secret online lives.
- actual wording from pcTattletale advertising as seen by Malwarebytes in 2021.
Stalkerware sold to thousands across US
Prosecutors said that from about 2017 through December 2022, Fleming’s company, Fleming Technologies LLC, designed, manufactured, and sold the stalkerware to at least 1,200 customers per year.
According to the plea agreement filed in the US District Court for the Southern District of California, pcTattletale was explicitly advertised for spying on the mobile phones and computers of private citizens without their knowledge or consent.
“The defendant’s software enabled buyers to covertly and remotely monitor a victim’s cellular telephone and computer activities, including texts, emails, phone calls, geo-location, and web browsing,” court documents said.
Fleming allegedly marketed the subscription-based spyware directly to people seeking to secretly monitor spouses or romantic partners, creating both video and print advertisements that were distributed across the US Prosecutors said at least one of those ads was viewed by someone in the Southern California district.
Sold exclusively online, pcTattletale cost between $100 and $300, depending on subscription length and the number of devices monitored, court filings state.
The spyware included a web-based dashboard and was designed to record a video each time a victim’s device was used, capturing on-screen activity across mobile apps and other functions.
Once logged into the dashboard, buyers could remotely monitor a device with only seconds of delay between activities, prosecutors said.
pcTattletale riddled with security flaws and leaks
Ironically, security researchers previously flagged pcTattletale’s own security practices on multiple occasions, and after a major breach leaked source code, one of its databases, and over 300 million images, it eventually forced Fleming to shut down the entire platform.
In 2021, after examining a pcTattletale trial version, Malwarebytes revealed that screenshots captured by the spyware were uploaded to an unsecured online database, allowing anyone to view the images without authentication.
In 2024, security researcher Eric Daigle found that pcTattletale’s application programming interface (API) allowed unauthorized access to the most recent screen capture from any device carrying the spyware.
Despite repeated warnings from Daigle and others, that issue was also not addressed.
In yet another instance, stalkerware researcher Maia Crimew identified a security flaw that allowed full access to the software’s backend infrastructure, allowing the website to be defaced and exposing its AWS credentials.
Amazon subsequently locked the company’s AWS infrastructure.
“pcTattletale stored more than 17 terabytes of victim screenshots, totaling over 300 million images from more than 10,000 devices, with some data dating back to 2018,” Crimew revealed at the time.
The guilty plea also marks one of only two US prosecutions to date targeting the commercial sale of covert surveillance software, rather than its misuse by end users. In 2014, the Danish creator of StealthGenie was fined $500,000 after pleading guilty to selling the stalkerware to an undercover FBI agent two years prior.
Case documents from Tuesday further describe how a California resident, after viewing one of Fleming’s advertisements, purchased the software and installed it on a phone.
The buyer later emailed Fleming for technical assistance, explicitly stating the software was being used to spy on a significant other without their knowledge. Prosecutors said Fleming continued to assist the buyer despite knowing the intended use, ultimately supporting the federal charges.
Fleming faces up to 15 years in federal prison, and up to $250,000 in fines. Sentencing is scheduled for April 3rd.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked