
SonicSpy, a new Android spyware hidden in over 1,000 apps on the Play Store

We have always said that the best way to protect ourselves against Android malware is to avoid downloading apps from unofficial sources and to get them from the Play Store, Google’s official store. Lately, however, apps hiding all kinds of malware have been uploaded to the store. The latest case is the new SonicSpy spyware, hidden in over 1,000 theoretically safe apps on the Play Store and threatening Android users.

In recent months, we have seen several threats sneak into the Play Store and roam freely without raising the slightest suspicion from Google’s security systems, with threats such as Xavier, Lipizzan or FalseGuide endangering the security of millions of Android users. Now a new spyware, detected by the security company Lookout, is threatening Android users by hiding on the Play Store in over 1,000 apps, theoretically reliable apps that have gone through several security checks before being published on Google’s store.

How does the SonicSpy spyware work on Android?

As we just said, this malware was able to evade the Play Store’s security measures, so the main form of infection is through Google’s official app store. Some of the infected apps (a lot of them are instant messaging apps) have good ratings on the store and have been downloaded between 1,000 and 5,000 times, so the number of infected users is quite significant.

This spyware is capable of performing a wide range of malicious activities, such as spying through the phone’s microphone, recording calls, controlling the phone’s camera, making calls and even sending text messages to any phone number chosen by the hackers. Additionally, it is capable of retrieving virtually all the data on a device, from call logs to nearby Wi-Fi networks, which may be used to discover the victim’s location.
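The capabilities listed above each depend on a standard Android permission, so an app's declared permissions can be audited against them. The following Python sketch is an added example, not code from Lookout or from the original article; the sample manifests, the capability labels and the threshold of 4 are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capability named in the article -> standard Android permission gating it.
CAPABILITY_PERMISSIONS = {
    "record microphone audio": "android.permission.RECORD_AUDIO",
    "control the camera": "android.permission.CAMERA",
    "place calls": "android.permission.CALL_PHONE",
    "send text messages": "android.permission.SEND_SMS",
    "read call logs": "android.permission.READ_CALL_LOG",
    "list nearby Wi-Fi networks": "android.permission.ACCESS_WIFI_STATE",
}

# Constructed sample manifests (hypothetical apps, not taken from any real APK).
MESSENGER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.messenger">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
</manifest>"""
FLASHLIGHT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(ANDROID_NS + "name") for t in tags for el in root.iter(t)} - {None}

def audit(manifest_xml, threshold=4):
    """List the article's capabilities the app could exercise; flag broad sets.

    threshold is an assumed cut-off for illustration, not a published value.
    """
    perms = requested_permissions(manifest_xml)
    hits = sorted(c for c, p in CAPABILITY_PERMISSIONS.items() if p in perms)
    return {"capabilities": hits, "flag": len(hits) >= threshold}

if __name__ == "__main__":
    for name, xml in (("messenger", MESSENGER), ("flashlight", FLASHLIGHT)):
        print(name, audit(xml))
```

Legitimate messaging apps also request several of these permissions, so a flag marks an app for closer review rather than identifying it as spyware.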

It also connects to a control server with an IP address based in Iraq, from which the hackers control the spyware through port 2222. This way they can remotely execute over 70 different commands.

The apps infected by this malware have already been removed from the store, although the hackers could still sneak back in by using new malicious apps or by updating the spyware.
