Google Has Recently Deleted Android Spyware App Called Soniac From Play Store


Soniac is a fake messaging app that was removed from the Play Store after the Android maker was alerted by the mobile security firm Lookout, an Ars Technica report says.

There were two other similar apps on Google Play, Hulk Messenger and Troy Chat, which are nowhere to be seen. It’s unclear whether Google or their creators removed them.
Soniac disguises itself as a modified version of the instant messaging app Telegram and belongs to the SonicSpy family of malware, allowing the attacker to breach users’ security and privacy. It had been downloaded between 1000 and 5000 times before Google kicked it out.
The malicious app’s capabilities include “the ability to silently record audio, take photos with the camera, make outbound calls, send text messages to attacker specified numbers, and retrieve information such as call logs, contacts, and information about Wi-Fi access points,” writes Michael Flossman in a blog post published last week.
After the user installs it, the app hides its launcher icon and then establishes a connection with the attackers’ C2 infrastructure (arshad93.ddns[.]net:2222). It reappears as the modified Telegram app.
The three apps are only a small fraction of around 1000 SonicSpy spyware apps reported since February 2017. The remaining apps might have been distributed through other unknown platforms or via SMS messages containing download links.
Taken together, the SonicSpy family supports a total of 73 commands that the attackers can issue remotely. The researchers think the attackers might be based in Iraq. Because of similarities between the two, SonicSpy is also tied to another malware family called SpyNote, first reported in July 2016 by Palo Alto Networks.
According to Lookout, the same actor could be behind both families. “For example, both families share code similarities, regularly make use of dynamic DNS services, and run on the non-standard 2222 port.”
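
The network traits described above (the published C2 endpoint, dynamic DNS hosting, and port 2222) can be turned into a simple triage check over outbound connection logs. This is an added example, not code from Lookout or the original article; the log format, device names, and the dynamic DNS suffixes other than ddns.net are assumptions.

```python
# Indicator as the article prints it (defanged); refanged only in memory.
PAGE_IOC = "arshad93.ddns[.]net:2222"
# ddns.net is from the article; the other suffixes are an illustrative
# assumption. Replace them with your own dynamic DNS provider list.
DYNDNS_SUFFIXES = ("ddns.net", "duckdns.org", "hopto.org", "zapto.org")
SUSPECT_PORT = 2222  # non-standard port the article ties to both families

# Constructed sample log (timestamp device host port), hosts shown defanged.
SAMPLE = [
    "2017-08-14T09:12:01Z phone-17 arshad93.ddns[.]net 2222",
    "2017-08-14T09:12:05Z phone-17 api.telegram[.]org 443",
    "2017-08-14T09:13:40Z tablet-03 Example-Host.DuckDNS[.]org. 2222",
    "2017-08-14T09:15:22Z phone-22 homecam.ddns[.]net 8080",
    "2017-08-14T09:16:00Z phone-22 truncated-line",
]

def refang(value):
    """Undo '[.]' defanging, lowercase, and drop a trailing FQDN dot."""
    return value.replace("[.]", ".").lower().rstrip(".")

def classify(host, port):
    """Return (severity, reason) for one outbound connection, else None."""
    host = refang(host)
    ioc_host, ioc_port = refang(PAGE_IOC).rsplit(":", 1)
    dyn = any(host == s or host.endswith("." + s) for s in DYNDNS_SUFFIXES)
    if host == ioc_host and port == int(ioc_port):
        return "high", "exact match on the published C2 endpoint"
    if dyn and port == SUSPECT_PORT:
        return "medium", "dynamic DNS host on port 2222"
    if dyn:
        return "low", "dynamic DNS host, review in context"
    return None

def scan(log_lines):
    """Return (device, host, port, severity, reason) per flagged line."""
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # malformed line: skip rather than crash
        hit = classify(parts[2], int(parts[3]))
        if hit:
            findings.append((parts[1], refang(parts[2]), int(parts[3]), *hit))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="  ")
```

Port 2222 on its own is not flagged because it is also a common alternate SSH port; the check only raises it in combination with a dynamic DNS host.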
Flossman has warned Android users that SonicSpy is under active development and could make a comeback in the future.
The fact that SonicSpy’s developers managed to get different spyware apps on Google Play is quite chilling. This is despite the tight security measures deployed by Google, and it might make a dent in users’ trust if similar incidents happen more often. Earlier this year, Google removed a malware called “System Update” which remained undetected for three years.
