Android spyware found in thousands of Google Play apps

Android spyware found in thousands of Google Play apps

Researchers at cybersecurity firm Lookout have discovered more than 4,000 samples of a spyware called SonicSpy hidden in Android apps, some of which were found on sale in the Google Play Store.

SonicSpy can force a phone to record audio, take photos with the camera, send text messages by itself and pull out personal information like call logs, contacts and WiFi access points.

Spyware is a type of hijacking software that is installed on phones or computers without the user’s knowledge and secretly intercepts personal data before transmitting it to a (usually criminal) third party.

Researchers have tracked the origins of SonicSpy to Iraq, where it’s believed a single developer is behind the spread of the malicious software.

Lookout’s research team wrote in a blog post that they discovered three high-profile infected messaging apps for sale on Google Play called Hulk Messenger, Troy Chat and Soniac.

Google has since ejected the three apps from the Play Store, but there are concerns that many more apps are infected too.

Google said in March 2017 that only a tiny proportion of Android users – 0.05% – had downloaded apps containing spyware from the Play Store.

Android spyware found in thousands of Google Play apps 2

Explaining how the spyware works, Michael Flossman from Lookout said: “Soniac is a customised version of the communication app Telegram, which contains malicious
capabilities that provide an attacker with significant control over a target device.

Once installed SonicSpy will remove its launcher icon to hide itself from the victim.”

Businesspeople with sensitive data on their phones are most at risk from SonicSpy, Lookout found.

“Enterprises often send employees overseas for conferences, customer meetings, and while travelling, employees use messaging apps to communicate with co-workers and family back home.

“Apps like SonicSpy capitalise on this by pretending to be trustworthy apps in well-known marketplaces.”

Experts recommend never downloading third-party apps outside the main apps stores, but it will be of some considerable concern that apps in the Google Play Store have been infected to this extent.

To protect yourself and your personal data it is a good idea to read the reviews and take them with a pinch of salt. Many fake apps will utilise a botnet to download the app thousands of times and five-star rate it, giving the app at-a-glance respectability.

It is also worth checking out and installing security software that can detect spyware and malware.

“Anyone accessing sensitive information on their mobile device should be concerned about SonicSpy,” Lookout wrote.

“The actors behind this family have shown that they’re capable of getting their spyware into the official app store and as it’s actively being developed, and its build process is automated, it’s likely that SonicSpy will surface again in the future.”



A veteran freelance journalist writing extensively on internet news and cybersecurity.
Back To Top