A family of malicious smartphone applications known under the name of SonicSpy has been identified by the researchers at the Lookout security company. There are at least three versions of the malware in Google’s Play Store, all of which are able to remotely control the phones they infect.
As the researchers at Lookout said, if you install any of the contaminated apps, you will have the complete messaging functionality while, in the background, the app will hijack various basic functions on your phone. The app might make outbound calls, send text messages, collect contacts, call logs, as well as Wi-Fi data.
As researchers at Lookout believe, the malware is part of a thousand malicious messaging applications project by a developer who is believed to be based in Iraq. The apps are made by inserting spy functions into the public source code for an actual true messenger app known as Telegram, which is also quite popular. The developer took the components of this app and made Soniac, Hulk Messenger, and Troy Chat (interesting choice of words there). The three apps managed to get successfully listed on Google Play before they’ve been pulled down by the Google staff.
A Lookout researcher Michael Flossman said in an email that it is believed that the apps get distributed in other ways than just Google Play, like through direct phishing texts including download links and other application markets that aren’t Google – there is a site called App Geyser that still has the Soniac app available for download.
Lookout said that the people behind the specific family of malicious apps have shown they can get their spyware into the official app store, which builds process is automated. This raises the odds that similar malicious apps will find their way onto the Google Play Store in the future.
Spreading malware through Android apps is getting more and more common these days, as well as sophisticated. SonicSpy malware seems low-rent enough, but this May, researchers stumbled upon a malware which way of spreading around was through the largely popular Judy series of cooking and lifestyle games, again outsmarting Google’s screening process. As Lookout managed to estimate, out of a thousand Android devices, forty-seven of them have encountered a threat that has been app-based.