SonicSpy Malware

A number of malware families have been affecting Google’s Play Store and Android for quite some time. A few weeks back, the Judy malware affected the Play Store and was believed to have been spread by 41 apps. The WannaCry ransomware affected PCs and is probably regarded as the biggest threat.

Yet another Android malware that has plagued the Google Play Store is ‘SonicSpy’. Where is SonicSpy found? It has been included in more than a thousand Android apps.

It has been reported that at least three of these apps bypassed Google’s security measures and were available in the Google Play Store, affecting smartphones when those apps were downloaded.

Anybody who installs the compromised apps will find they have full messaging functionality. At least three versions of the malware, which is able to remotely control infected phones, made it onto Google’s Play Store.

The apps aim to hijack a variety of basic phone functions, including making outbound calls, sending text messages, and harvesting call logs, contacts, and Wi-Fi data.

Lookout researcher Michael Flossman said that the apps are expected to be distributed through direct phishing texts with download links, or through non-Google app markets. For instance, there’s still a listing for Soniac on a site called App Geyser.

What is SonicSpy?

Once the ‘SonicSpy’ malware gets into the Google Play Store, it starts recording calls, takes photos and, as mentioned above, sends text messages. It is said that from February 2017, the apps, infected with SonicSpy.

The Lookout blog stated: “Upon first execution SonicSpy will remove its launcher icon to hide itself from the victim, establish a connection to C2 infrastructure, and attempt to install its own custom version of Telegram that is stored in the res/raw directory and titled su.apk.”

Soniac, a messaging app available on the Google Play Store, was one of the apps that provided messaging functions through a customized version of the Telegram communications program. Reports say that it has around 1,000 to 5,000 downloads already. All this happens without the user’s awareness and permission, and leaves the user vulnerable to data theft.
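The Lookout description above names a concrete artifact: a second APK stored inside the app at res/raw/su.apk. As an added example (not code from Lookout or from the original article), this Python script opens an APK as the ZIP archive it is and lists every res/raw/ entry that is itself an Android package; the function names are hypothetical and the sample archives are constructed placeholders.

```python
import io
import zipfile

# Entries that mark a ZIP archive as an Android package.
APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}


def find_embedded_apks(apk_bytes):
    """Return sorted res/raw/ paths whose content is itself an APK."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as outer:
        for info in outer.infolist():
            if info.is_dir() or not info.filename.startswith("res/raw/"):
                continue
            data = outer.read(info)
            # Judge by content, not extension: a payload can be renamed.
            if not zipfile.is_zipfile(io.BytesIO(data)):
                continue
            with zipfile.ZipFile(io.BytesIO(data)) as inner:
                if APK_MARKERS & set(inner.namelist()):
                    hits.append(info.filename)
    return sorted(hits)


def make_zip(entries):
    """Build an in-memory ZIP from {path: bytes}; used for sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: placeholder bytes, not real app content.
PAYLOAD = make_zip({"AndroidManifest.xml": b"stub", "classes.dex": b"stub"})
BASE = {"AndroidManifest.xml": b"stub", "classes.dex": b"stub",
        "res/raw/notify.ogg": b"OggS-stub"}
SUSPICIOUS = make_zip({**BASE, "res/raw/su.apk": PAYLOAD})
CLEAN = make_zip(BASE)

if __name__ == "__main__":
    print("suspicious:", find_embedded_apks(SUSPICIOUS))
    print("clean:", find_embedded_apks(CLEAN))
```

Legitimate apps occasionally bundle a helper APK, so a hit is a reason to review the app rather than a verdict on its own.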

How do we safeguard ourselves from the effects of malware?

Just stay away from apps that look shady and have poor reviews. Hulk Messenger and Troy Chat have been removed as Google developers realized that they contained malware.

Normally, Google does its best by introducing software fixes, i.e., monthly security updates, to Android smartphones.

Technology has given us a lot of benefits and made our lives easy. It is up to us not to abuse it!