Google has now removed apps from the Play Store that were found to be spyware.
Researchers at security firm Lookout identified this family of malicious apps under the umbrella name SonicSpy. Three iterations of the malware were uploaded to Google Play, and anyone who downloaded one of them exposed their smartphone to spying.
SonicSpy Apps On Google Play: What It Can Do
One of these apps, Soniac, a repackaged Telegram app, contains malicious capabilities that can give an attacker significant control of a device, Lookout explained. Soniac was able to record audio without the phone's owner knowing, take photos, make outbound calls, send texts, and pull sensitive information such as call logs, contacts, and Wi-Fi access points, all without the owner's permission.
Lookout says the perpetrator, possibly based in Iraq, created over 1,000 malicious apps by modifying the code and adding spying functions. The developer branded the Google Play versions as Soniac, Hulk, and Troy Chat. Google has since pulled these three apps from its app store.
But the apps can appear elsewhere, said Michael Flossman, author of the report on SonicSpy. The developer might distribute them through other means, such as direct phishing texts accompanied by a download link, or through third-party Android app stores.
SonicSpy: Where Did It Come From?
Once installed, SonicSpy apps hide their icon so the owner does not notice they are present, then establish a connection to the control server. Lookout is still studying the provenance of SonicSpy, but it has found several references to Iraq, hence the speculation that the perpetrator could be Iraq-based. SonicSpy shares traits with SpyNote, another malicious app family.
This threat shows that even Google Play can't guarantee that the next app users download isn't cleverly disguised spyware, much less apps obtained from non-Google Android app markets. For now, the best preventive measure is to scrutinize an app before downloading it. If it looks dubious, it probably is. A quick look at the number of downloads is also an indication: the fewer times an app has been downloaded, the greater the chance that something is off. That's not always the case, of course, but it's better to be safe than sorry.
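One way to scrutinize an app before installing it is to check which of the capabilities attributed to Soniac its manifest would permit. The following is an added example, not code from Lookout or from the article; the mapping from capabilities to standard Android permissions, the review threshold, and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: standard Android permissions that correspond to the
# capabilities the article lists for Soniac (the article names no permissions).
CAPABILITY_PERMISSIONS = {
    "record audio": "android.permission.RECORD_AUDIO",
    "take photos": "android.permission.CAMERA",
    "make outbound calls": "android.permission.CALL_PHONE",
    "send texts": "android.permission.SEND_SMS",
    "read call logs": "android.permission.READ_CALL_LOG",
    "read contacts": "android.permission.READ_CONTACTS",
    "list Wi-Fi access points": "android.permission.ACCESS_WIFI_STATE",
}

def requested_permissions(manifest_xml):
    """Return the permissions declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def matched_capabilities(manifest_xml):
    """List the article's capabilities that the declared permissions allow."""
    perms = requested_permissions(manifest_xml)
    return sorted(c for c, p in CAPABILITY_PERMISSIONS.items() if p in perms)

def needs_review(manifest_xml, threshold=5):
    """Flag an app when it could exercise most of the listed capabilities."""
    return len(matched_capabilities(manifest_xml)) >= threshold

def build_manifest(package, permissions):
    """Build a constructed sample manifest (test data, not a real app)."""
    body = "".join(f'  <uses-permission android:name="{p}"/>\n' for p in permissions)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">\n{body}</manifest>')

CHAT_CLONE = build_manifest("com.example.chatclone",
                            ["android.permission.INTERNET", *CAPABILITY_PERMISSIONS.values()])
RECIPE_APP = build_manifest("com.example.recipes",
                            ["android.permission.INTERNET", "android.permission.CAMERA"])

if __name__ == "__main__":
    for label, xml in (("chat clone", CHAT_CLONE), ("recipe app", RECIPE_APP)):
        print(label, needs_review(xml), matched_capabilities(xml))
```

Legitimate messaging apps also request several of these permissions, so a flag here means the app deserves a closer look, not that it is spyware.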
Malicious apps can also look quite sophisticated. This past May, researchers uncovered a family of apps called "Judy," cooking and lifestyle games that look polished but actually distribute malware. The Judy apps got past Google's screening process and infected nearly 36 million devices.