Researchers at the security firm Lookout have identified more than a thousand Android applications that contain spyware belonging to the SonicSpy family. A few of these apps containing surveillance malware also ended up on the Google Play Store.
Once installed on a device, these spyware apps gave the attacker immense control over it: they could silently record audio, take photos, make calls, send messages to custom numbers, and retrieve call logs, contacts, and information about Wi-Fi access points.
One of the identified apps, Soniac, was marketed as a messaging app and cloned the interface of the Telegram app. It functioned as a messaging app too, but gave the attacker control over the device.
“Lookout researchers have identified over a thousand spyware apps related to a threat actor likely based in Iraq. Belonging to the family “SonicSpy,” these samples have been aggressively deployed since February 2017, with several making their way onto the Google Play Store,” said Michael Flossman, Security Research Services Tech Lead, Lookout security.
The researchers also noted that similar spyware messaging apps, Hulk Messenger and Troy Chat, existed on the Play Store in the past and were published by the same vendor.
“It’s unclear whether they were removed as a direct result of Google taking action or if the actor behind SonicSpy removed them in order to evade detection for as long as possible. Cached Play Store pages of these apps confirm they were once live and our analysis found they contained the same functionality as other SonicSpy samples,” Flossman added.
The researchers also noted that the detection and removal of these spyware messaging apps will not be the last we see or hear of them.