SonicSpy spyware using Android apps to steal device information

Over 4,000 Android apps contain SonicSpy spyware that steals device information

Google has booted out three apps from the Play Store which could steal contacts, call records and messages from Android devices using a spyware named SonicSpy.

SonicSpy can infiltrate Android devices through apps and can send texts, take pictures from phone cameras and capture call records.

In a detailed blog post, security firm Naked Security has described how a new spyware named SonicSpy can infiltrate Android devices and steal sensitive user information without being noticed by users. Researchers at the firm noted that there could be as many as 4,000 Android apps hiding SonicSpy.

Three such apps, namely Soniac, Hulk Messenger, and Troy Chat, were present on the Google Play Store and had been downloaded a few times. However, once security researchers at Naked Security informed Google about the spyware present in these apps, Google removed them from the Play Store.

However, thousands of apps infected with SonicSpy are still available at third-party app stores that do not feature strong security credentials. Android users who download apps from third-party app stores and from the web are particularly vulnerable to the spyware.

Once it infects an Android device, SonicSpy records audio, takes photos with the device’s camera, makes outbound calls, sends text messages to whatever phone numbers the attacker chooses, and retrieves data from contacts, Wi-Fi hotspots and call logs.

Android device users are unable to detect the presence of SonicSpy since it removes its launch icon to hide itself after installation. Once it obtains data from an Android device, the spyware sends that data to a command and control server owned by its creator.
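As an added example (not from Naked Security or the original article), the behaviours described above can be turned into a triage rule over an app inventory exported from managed devices: flag non-system apps that have no launcher icon yet hold most of the permissions those capabilities require. The inventory fields, package names and the four-capability threshold are assumptions made for illustration.

```python
PLAY_STORE = "com.android.vending"  # installer package name of Google Play
P = "android.permission."
# Capabilities the article lists, mapped to the Android permissions they need.
CAPABILITIES = {
    "record audio": P + "RECORD_AUDIO",
    "take photos": P + "CAMERA",
    "place calls": P + "CALL_PHONE",
    "send SMS": P + "SEND_SMS",
    "read contacts": P + "READ_CONTACTS",
    "read call log": P + "READ_CALL_LOG",
    "read Wi-Fi state": P + "ACCESS_WIFI_STATE",
}

def triage(app, min_caps=4):
    """Return (flagged, reasons) for one inventory record (assumed schema)."""
    caps = sorted(c for c, perm in CAPABILITIES.items() if perm in app["permissions"])
    reasons = []
    if not app["launcher_icon"]:
        reasons.append("no launcher icon")
    if app["installer"] != PLAY_STORE:
        reasons.append("installed from outside Google Play")
    if len(caps) >= min_caps:
        reasons.append("capabilities: " + ", ".join(caps))
    # Preinstalled system components are often icon-less; exclude them to limit noise.
    flagged = not app["system"] and not app["launcher_icon"] and len(caps) >= min_caps
    return flagged, reasons

def scan(inventory):
    """Package names that match the hidden-icon, broad-capability profile."""
    return [a["package"] for a in inventory if triage(a)[0]]

# Constructed sample inventory (hypothetical packages, not real indicators).
ALL = set(CAPABILITIES.values())
INVENTORY = [
    {"package": "com.example.chatclone", "installer": None, "system": False,
     "launcher_icon": False, "permissions": ALL | {P + "INTERNET"}},
    {"package": "com.example.messenger", "installer": PLAY_STORE, "system": False,
     "launcher_icon": True, "permissions": ALL},
    {"package": "com.example.camera", "installer": PLAY_STORE, "system": False,
     "launcher_icon": True, "permissions": {P + "CAMERA", P + "RECORD_AUDIO"}},
    {"package": "com.example.vendor.telephony", "installer": None, "system": True,
     "launcher_icon": False, "permissions": ALL},
]

if __name__ == "__main__":
    for app in INVENTORY:
        flagged, reasons = triage(app)
        print(app["package"], "FLAG" if flagged else "ok", "; ".join(reasons))
```

The installer source is reported as a reason but does not gate the flag, since the article notes that three infected apps were distributed through Google Play itself.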

To avoid being affected by such spyware, Naked Security advises Android device users to stick to the Google Play Store, not only because it has a strong malware-filtering mechanism, but also because it can remove existing apps if they are found to contain malware or trojans.

Third-party app stores do not have strong security mechanisms in place and are not as regular in sending out security patches and updates to users. As such, they act as hubs for malware that cannot otherwise get past Google's Play Store or Apple's App Store.

The researchers are also advising users not to download new apps on work phones before checking their history, so as to ensure they are not inadvertently downloading malware. At the same time, phone buyers must choose devices that come with faster and more effective patching of vulnerabilities. For example, BlackBerry's latest Android phones come with 'zero day' patches, which means that BlackBerry passes on patches to users as soon as they are made available by Google.

Copyright Lyonsdown Limited 2021
