Android users are facing yet another threat from infected Google Play apps, this time in the form of a type of malware named SonicSpy. Capable of accessing, recording, and collecting sensitive information, the frightening malware spawned itself in countless iterations across third-party application platforms. While Google Play removed the infection, Android users shouldn’t feel safe just yet, as similar attacks in the future are possible. To fully protect your device always have the full virus scan feature activated. Click now to turn it on:
Read More: Who Called Me and How Did They Get My Information?
What is SonicSpy?
Masquerading as messaging apps, over 1,000 malicious applications flooded third-party Android app platforms in recent days. Three of these apps were available through the Google Play store: Soniac, Troy Chat, and Hulk Messenger. While the apps have since been removed from Google Play, the spyware apps had been downloaded by thousands of users in the meantime. This strain of spyware has tremendous capabilities, able to execute 73 remote instructions such as recording phone calls and audio, making calls and sending messages without user authorization, controlling the phone’s camera, and stealing information like logs, contacts, and Wi-Fi access details.
How SonicSpy Works
Marketed as customized versions of familiar apps, SonicSpy was able to make its way onto Google Play and other app platforms under this guise. Once downloaded, the malware hides its launcher icon in order to avoid detection from smartphone users and to establish a connection to C2 infrastructure. SonicSpy also utilizes Bind Accessibility Services within the Android operating system in order to capture and record text descriptions of the Android user’s phone activity.
Future Threats
The SonicSpy malware shares a strikingly similar approach to SpyNote, a malware strain that appeared in 2016. According to Michael Flossman, the security researcher who initially identified the threat, the two strains rely on dynamic DNS services and the non-standard 2222 port on top of sharing many code similarities. Both SpyNote and SonicSpy have been linked to an Iraqi developer, whose repeated attempts to infiltrate Android app stores suggests that Android users should continue to be wary of unfamiliar apps, even those hosted by Google Play. Before downloading new applications, smartphone readers should read reviews of the app and make sure their anti-malware software is always running.
Learn all about one of the hackers' favorite breach method and keep your company safe…
Have you ever wondered how to recover deleted photos on Android? After all, the lack…
Digital worms are among the most serious threats in the wild kingdom of the Internet.
Spoofing is a fairly sophisticated virtual scam that can fool even the most cautious and…
Five Steps to Reduce QR Code Risk! Step one? Read this article…
Pharming is creating a new, dangerous brand of impostor syndrome. Check how to avoid pharming…