Researchers have uncovered thousands of Android applications infected with malware that can record audio from a device’s surroundings and take pictures, amongst other spying tactics.
The SonicSpy malware has been “aggressively” deployed since February, with several infected samples appearing on Google Play, according to computer security firm Lookout.
The firm said at least three infected applications, called Soniac, Hulk Messenger and Troy Chat, were found on Google Play. Soniac was downloaded between 1,000 and 5,000 times before it was removed by Google at Lookout’s request.
It isn’t clear how the other samples, which number more than 4,000, are being distributed, with possible channels including third-party app stores and targeted text messages that include a download link, Lookout said.
But it also contains malicious features including the ability to record audio, take photos with the camera, make outbound calls, send text messages to numbers specified by the attacker and retrieve information including call logs, contacts and information about Wi-Fi access points.
“The overall SonicSpy family supports 73 different remote instructions, including those seen in the Soniac instance,” Lookout said in an advisory.
When installed SonicSpy removes the launcher icon, then establishes a connection to a command server and then tries to install its custom version of Telegram.
Lookout said it believes SonicSpy was created by the developer of a piece of malware called SonicNote reported by Palo Alto Networks last year. That developer, who is thought to be based in Iraq, used an automated desktop tool to mass-produce infected applications, meaning a similar technique could be in use with SonicSpy, Lookout said.
“Anyone accessing sensitive information on their mobile device should be concerned about SonicSpy,” Lookout wrote. “The actors behind this family have shown that they’re capable of getting their spyware into the official app store and as it’s actively being developed, and its build process is automated, it’s likely that SonicSpy will surface again in the future.”
Infected applications are often found on third-party app stores, which in some major markets, including China, are the established way for users to access Android software. But they’re also routinely found on Google’s own platform.
Lookout said users can install security software to detect SonicSpy and other malware.
Do you know all about security in 2017? Try our quiz!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…