Categories: Security

Scary Spyware Apps Found on Google Play

Android users are facing yet another threat from infected Google Play apps, this time in the form of a type of malware named SonicSpy. Capable of accessing, recording, and collecting sensitive information, the frightening malware spawned itself in countless iterations across third-party application platforms. While Google Play removed the infection, Android users shouldn’t feel safe just yet, as similar attacks in the future are possible. To fully protect your device always have the full virus scan feature activated. Click now to turn it on:

The full virus scan feature thoroughly searches your phone and SD card for malware and scans all apps for adware. The cutting-edge dfndr technology is updated in real-time, giving it the capability to protect your smartphone from the SonicSpy malware, or other malicious viruses lurking on your Android phone.

What is SonicSpy?
Masquerading as messaging apps, over 1,000 malicious applications flooded third-party Android app platforms in recent days. Three of these apps were available through the Google Play store: Soniac, Troy Chat, and Hulk Messenger. While the apps have since been removed from Google Play, the spyware apps had been downloaded by thousands of users in the meantime. This strain of spyware has tremendous capabilities, able to execute 73 remote instructions such as recording phone calls and audio, making calls and sending messages without user authorization, controlling the phone’s camera, and stealing information like logs, contacts, and Wi-Fi access details.

How SonicSpy Works
Marketed as customized versions of familiar apps, SonicSpy was able to make its way onto Google Play and other app platforms under this guise. Once downloaded, the malware hides its launcher icon in order to avoid detection from smartphone users and to establish a connection to C2 infrastructure. SonicSpy also utilizes Bind Accessibility Services within the Android operating system in order to capture and record text descriptions of the Android user’s phone activity.

Future Threats
The SonicSpy malware shares a strikingly similar approach to SpyNote, a malware strain that appeared in 2016. According to Michael Flossman, the security researcher who initially identified the threat, the two strains rely on dynamic DNS services and the non-standard 2222 port on top of sharing many code similarities. Both SpyNote and SonicSpy have been linked to an Iraqi developer, whose repeated attempts to infiltrate Android app stores suggests that Android users should continue to be wary of unfamiliar apps, even those hosted by Google Play. Before downloading new applications, smartphone readers should read reviews of the app and make sure their anti-malware software is always running.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.