SonicSpy, espionage malware targeting Android devices, aims to record audio files and pry into call logs. It was detected in three messaging apps available on the Google Play store: Hulk Messenger, Soniac and Troy Chat.
Cybersecurity researchers have uncovered more than 1,000 spyware-infected applications able to record audio files and snoop on call logs, contact lists, etc.
Recently, three messenger apps were found to be infected with the spyware. Google has removed those apps since Lookout security researchers informed it of the threat. Other infected apps were discovered on third-party Android app stores.
SonicSpy, Iraq-based spyware, was discovered in February. It was distributed via messaging apps, including Hulk Messenger, Soniac and Troy Chat.
According to Michael Flossman, Tech Lead at Lookout Security Research Services, the messaging app Soniac is an analog of the communications app Telegram. Soniac combines several malicious capabilities that enable attackers to control the infected device. Flossman wrote:
“This includes the ability to silently record audio, take photos with the camera, make outbound calls, send text messages to attacker specified numbers, and retrieve information such as call logs, contacts, and information about Wi-Fi access points. Once installed, SonicSpy will remove its launcher icon to hide itself from the victim.”
Once it was uncovered, Google removed Soniac from its app store. The other two, Hulk Messenger and Troy Chat, were also deleted from the Google Play store, but it is not clear whether Google got rid of them or the attackers behind SonicSpy deleted them to avoid detection.
SonicSpy is said to have similar features to SpyNote. According to Lookout researchers, “both families share code similarities, regularly make use of dynamic DNS services, and run on the non-standard 2222 port.” In addition, Lookout explains why it is important for enterprises:
“This kind of functionality should be highly concerning to any party accessing sensitive information through mobile devices, including enterprises. Enterprises often send employees overseas for conferences, customer meetings, etc and while traveling, employees use messaging apps to communicate with coworkers and family back home,” Lookout warns. “Apps like SonicSpy capitalize on this by pretending to be trustworthy apps in well-known marketplaces.”