HackRead

Thousands of Android Apps Infected with SonicSpy Spyware

August 12th, 2017 | Uzair Amir | News, Android, Malware, Security

Google Play is believed to be the best platform for downloading applications, and users across the globe rely upon it. However, according to Lookout's cyber security researchers, over a thousand applications have been infected with spyware in the past six months, and some of them are being distributed through Google Play. These infected applications are part of a malware family called SonicSpy, which supports about 73 different remote instructions.

Deployment of the infected apps started in February 2017. The perpetrators of this cyber crime are based in Iraq, since the account behind one of the infected Android apps, Soniac, was identified as iraqwebservice. The same account posted two other SonicSpy samples on the Play Store.

Lookout's team found an app called Soniac available on Google Play, which appeared to be a harmless version of the Telegram messaging app but also included malicious mechanisms. When an infected app is installed on a device, the cybercriminal behind the scheme immediately receives considerable control over it.

Some of the 73 supported instructions were identified in Soniac. Once control is gained, the author of the threat can perform a variety of tasks, such as discreetly recording audio, capturing photos through the camera, sending text messages to chosen numbers, making outbound calls, and extracting information such as contacts, call logs and details of Wi-Fi access points.

When installed, SonicSpy removes its launcher icon and hides itself so that the victim does not realize the device has been infected. It then creates a connection to its C&C server and installs a customized version of the Telegram app, which is named su.apk and stored in the res/raw directory.
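A static triage check for the behaviour described above, an app that carries a second APK inside its res/raw directory, written as an added example (it is not code from Lookout or from this article). The function names and the sample archive are hypothetical and constructed for illustration; the check inspects file content rather than trusting the .apk extension.

```python
import io
import zipfile

# Entries that make a zip archive look like an Android package.
APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}

def build_sample_apk(with_payload: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like an APK (not a real app)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        z.writestr("classes.dex", b"dex\n035\x00")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr("res/raw/notification.ogg", b"OggS\x00")
        if with_payload:
            z.writestr("res/raw/su.apk", inner.getvalue())
    return outer.getvalue()

def find_embedded_apks(apk_bytes: bytes, prefix: str = "res/raw/") -> list[str]:
    """Return entries under `prefix` that are themselves APK-shaped archives."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as outer:
        for info in outer.infolist():
            if not info.filename.startswith(prefix) or info.is_dir():
                continue
            data = outer.read(info)
            # Check content, not the extension: a payload can be renamed.
            if not zipfile.is_zipfile(io.BytesIO(data)):
                continue
            with zipfile.ZipFile(io.BytesIO(data)) as inner:
                if APK_MARKERS <= set(inner.namelist()):
                    hits.append(info.filename)
    return hits

if __name__ == "__main__":
    for label, flag in (("clean", False), ("bundled payload", True)):
        print(label, find_embedded_apks(build_sample_apk(flag)))
```

A hit is a triage signal rather than a verdict, since legitimate apps occasionally bundle helper packages; it marks the sample for closer review.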


Other sample apps analyzed by the research team showed similarities to another malware family, SpyNote, which emerged in mid-2016. It is believed that the same author developed both malware families because their coding is identical; both use dynamic DNS services and run on the non-standard port 2222.

SpyNote uses customized desktop applications to inject malware into an app so that the victim can still use the original functions of the infected app. The steady stream of SonicSpy apps also makes it evident that the threat actors are using a similar automated build process. Currently, researchers are not aware of the desktop tooling behind the malware.

It is clear that threat actors are now capable of placing spyware in official app store applications. Therefore, anyone using a mobile device to access sensitive information should be concerned.

