The US government has secured a guilty plea from a stalkerware maker in federal court, marking just the second time in more than a decade that the US has managed to prosecute a consumer spyware vendor successfully.
Bryan Fleming, creator of stalkerware called pcTattletale, pled guilty in the Southern District of California federal court on Tuesday to one count of selling software designed with the primary purpose of intercepting communications, with an interstate commerce element, in violation of federal law.
According to the plea agreement, Fleming sold the stalkerware from Michigan. In at least one instance, it was purchased by a buyer in the Southern District of California, allowing the case to be filed there. The plea agreement states that Fleming started advertising pcTattletale in 2017 "to persons wanting to spy on spouses or partners without their knowledge."
Like other forms of stalkerware, which are essentially consumer-grade spyware like the type used with impunity by nation-states, pcTattletale was designed to be installed on both computers and mobile devices, delivering copies of text messages, emails, phone calls, geolocation information, and web browsing history to an online portal where buyers could monitor a target's activity without that person's knowledge.
In the case of pcTattletale, court documents indicate that the stalking was performed via video capture, with the software recording the victims' every move whenever their device was unlocked.
As reported by the Detroit News in December, federal law enforcement agents with Immigration and Customs Enforcement's Homeland Security Investigations division had been investigating Fleming since at least 2021. pcTattletale was singled out because it was specifically marketed for unlawful spying on partners and spouses, an HSI agent wrote in a search warrant affidavit for Fleming's home filed in November 2022, but not unsealed until last month.
There are a number of stalkerware companies operating in the United States, and use of their products has surged in recent years despite sloppy coding leading to security incidents that leaked the details of hundreds of thousands of customers, like what happened to mSpy (multiple times), Catwatchful, and - you guessed it - pcTattletale.
Fleming's company went bust in 2024 when it was hacked, leading to the exposure of 138,751 customer accounts, along with device information, IP addresses, physical addresses, phone numbers, text messages, and a good deal of victim information as well.
Fleming is due to be sentenced later this year, when he'll be facing up to 15 years in prison, a fine of $250,000, forfeiture of all property that was involved in the offense, and additional penalties.
As noted above, this is only the second time since 2014 that the US government has secured a guilty plea in a stalkerware case. In the prior instance, Hammad Akbar pled guilty to distributing stalkerware called StealthGenie.
Whether two guilty pleas in 12 years will be enough to stem the stalkerware tide is questionable, but a second case on similar grounds - selling software designed to snoop on people without their knowledge - at least suggests victims have recourse and that federal law enforcement has found a solid justification for bringing charges.
We reached out to several anti-stalkerware advocates for comment and will update this story if we hear back with their analysis. ®