Researchers have uncovered thousands of Android applications infected with malware that can record audio from a device’s surroundings and take pictures, amongst other spying tactics.
The SonicSpy malware has been “aggressively” deployed since February, with several infected samples appearing on Google Play, according to computer security firm Lookout.
The firm said at least three infected applications, called Soniac, Hulk Messenger and Troy Chat, were found on Google Play. Soniac was downloaded between 1,000 and 5,000 times before it was removed by Google at Lookout’s request.
It isn’t clear how the other samples, which number more than 4,000, are being distributed, with possible channels including third-party app stores and targeted text messages that include a download link, Lookout said.
But it also contains malicious features including the ability to record audio, take photos with the camera, make outbound calls, send text messages to numbers specified by the attacker and retrieve information including call logs, contacts and information about Wi-Fi access points.
“The overall SonicSpy family supports 73 different remote instructions, including those seen in the Soniac instance,” Lookout said in an advisory.
When installed SonicSpy removes the launcher icon, then establishes a connection to a command server and then tries to install its custom version of Telegram.
Lookout said it believes SonicSpy was created by the developer of a piece of malware called SonicNote reported by Palo Alto Networks last year. That developer, who is thought to be based in Iraq, used an automated desktop tool to mass-produce infected applications, meaning a similar technique could be in use with SonicSpy, Lookout said.
“Anyone accessing sensitive information on their mobile device should be concerned about SonicSpy,” Lookout wrote. “The actors behind this family have shown that they’re capable of getting their spyware into the official app store and as it’s actively being developed, and its build process is automated, it’s likely that SonicSpy will surface again in the future.”
Infected applications are often found on third-party app stores, which in some major markets, including China, are the established way for users to access Android software. But they’re also routinely found on Google’s own platform.
Lookout said users can install security software to detect SonicSpy and other malware.
Do you know all about security in 2017? Try our quiz!
Tesla shareholders to be asked to reinstate Elon Musk's $56 billion pay package, days after…
Catching WhatsApp? Billionaire founder of Telegram claims encrypted platform will reach one billion users within…
Good news for Mark Zuckerberg as judge dismisses some claims in dozens of lawsuits alleging…
Consequences of Assembly Bill 886. Google begins removing California news websites from some search results
CEO Tim Cook during visit to Jakarta says Apple will look into building a manufacturing…
Introduction of digital services tax on tech firms will begin in 2024 Canadian government confirms,…