Mobile Security company Lookout, based in San Francisco, has just discovered that the SonicSpy malware infects more than 1000 Android applications, some from the Google Play Store. In some cases, the malware has been present since February without any fixes being deployed.
SonicSpy malware can take pictures, send text messages, record voice calls, monitor WiFi access points and much more. In all likelihood this spyware was created in Iraq by the same hackers as the SpyNote malware discovered by Parlo Alto Networks last year.
SonicSpy was discovered in the Soniac messaging application, downloaded several thousand times on Android devices. Through this malicious software, hackers can easily take remote control of a device. In total, the different versions of SonicSpy have more than 73 different features.
Once downloaded, the malware removes its icon from the smartphone menu. It then allows cybercriminals to access the user’s private data by connecting to a remote server.
SonicSpy: a malware offering full control to cybercriminals
Google has already removed three infected Play Store applications: Soniac, Hulk Messenger and Troy Chat. More than 5000 users still downloaded Soniac before the application was deleted. However, other potentially infected applications are still available on different third-party stores.
It is therefore essential to avoid downloading applications from unknown sources. Be very careful, and always read user reviews, even on the Google Play Store. Suspicious applications are always badly rated. Also remember to keep your smartphone up to date and install antivirus applications for Android.
Applications infected with malware are becoming increasingly problematic for developers and users of Android mobiles. Recall that by 2022, three phones out of four will run under Android, making this OS much more attractive to hackers than iOS.