Android users need to be aware of a new threat that has attacked them with over 4,000 spyware apps since February 2017. In at least three cases, the hacker sneaked the apps into Google’s official Play Market.
Soniac was one of the three apps that evaded detection on Google Play and had between 1,000 and 5,000 downloads before the search giant removed it. The app supplied messaging functions through a customized form of the Telegram communications program. Soniac was able to record audio, take photos, make calls, send text messages, and recover logs, contacts, and data about Wi-Fi access points. Google deleted the app after Lookout reported it as dangerous.
The other two apps, Hulk Messenger and Troy Chat, were also available in Google Play but later removed. It’s unclear if the developer eliminated the apps or if Google removed them after finding the spying features. Since February, slightly more than 4,000 apps have been distributed through other channels that were not made clear. The channels could include alternative markets or text messages that contain a download link. All of the apps belong to a malware family dubbed SonicSpy.
After the SonicSpy apps are installed, they remove their launcher icon to hide and then connect to the control server on port 2222 of arshad93.ddns[.]net.
Like SpyNote, SonicSpy is believed to contain references to Iraq and to be based there. The phrase “Iraqian Shield” appears continuously. Lookout is following any leads that suggest that the developer is based in that area of the world.
As a precautionary step, Android users should steer clear of any non-Google app sources with the exception of Amazon’s Android offerings. Additionally, users shouldn’t install Google Play apps that are of uncertain quality, especially when they have few downloads.
Via Ars Technica