Date: 14/08/17
Spyware apps found on Google Play Store
Researchers from mobile security firm Lookout say they found at least three Android apps on the Google Play Store that contained a form of advanced spyware they believe was created by an Iraqi developer.
Experts say the malware author modified a version of the official Telegram app, injected the spyware code, rebranded it, and uploaded the modified app on the Play Store.
In total, the crook uploaded the app three times on the Play Store under the names Soniac, Hulk Messenger, and Troy Chat. Only Soniac was active on Google's app store when researchers first spotted the spyware, as the other two apps were already taken down, most likely by the developer himself.
At the time of writing, Lookout says they identified over 1,000 variations of this new spyware called SonicSpy, which they believe to be a new version of an older Android spyware named SpyNote.
Researchers believe the same developer created both spyware families. They base their theory on the fact that both apps used dynamic DNS services that ran on the non-standard port of 2222, and both were decompiled, injected with the malicious code, and recompiled with the same desktop utility, possibly part of a custom automated build system.
On infected devices, SonicSpy supports 73 different malicious actions in the form of instructions it receives from a remote server. Below is a summary of the most intrusive ones:
- Silently record audio
- Silently take photos with available cameras
- Make outbound calls
- Send SMS messages
- Retrieve call logs
- Get data on WiFi access points
Users get infected by installing the app and granting it the permissions it needs to perform all its abusive actions. The apps are very hard to spot because they include a fully-working chat application, giving victims no reason to suspect they were infected.
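A defender-side check for the repackaging described above, added here as an example and not taken from Lookout's research: it compares the permissions declared in the decoded AndroidManifest.xml of a rebranded build against those of the original app and reports the added ones that gate the actions listed. The permission-to-action mapping, the package names and both manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Standard Android permissions mapped to the actions the article lists.
# Assumption of this example: the article does not name the permissions used.
CAPABILITY_PERMS = {
    "android.permission.RECORD_AUDIO": "silently record audio",
    "android.permission.CAMERA": "silently take photos",
    "android.permission.CALL_PHONE": "make outbound calls",
    "android.permission.SEND_SMS": "send SMS messages",
    "android.permission.READ_CALL_LOG": "retrieve call logs",
    "android.permission.ACCESS_WIFI_STATE": "get data on WiFi access points",
}

def permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                found.add(name)
    return found

def added_capabilities(baseline_xml, candidate_xml):
    """Permissions the candidate adds over the baseline, with the action each gates."""
    added = permissions(candidate_xml) - permissions(baseline_xml)
    return {p: CAPABILITY_PERMS[p] for p in sorted(added) if p in CAPABILITY_PERMS}

def build_manifest(package, perms):
    """Constructed sample input: a minimal decoded AndroidManifest.xml."""
    body = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{body}</manifest>')

# Constructed samples: a chat app that legitimately records audio and takes
# photos, and a rebranded copy that requests four more permissions.
CHAT_PERMS = ["android.permission.INTERNET", "android.permission.RECORD_AUDIO",
              "android.permission.CAMERA"]
BASELINE = build_manifest("org.example.chat", CHAT_PERMS)
CANDIDATE = build_manifest("org.example.rebranded", CHAT_PERMS + [
    "android.permission.SEND_SMS", "android.permission.CALL_PHONE",
    "android.permission.READ_CALL_LOG", "android.permission.ACCESS_WIFI_STATE"])

if __name__ == "__main__":
    for perm, action in added_capabilities(BASELINE, CANDIDATE).items():
        print(f"{perm}: {action}")
```

The microphone and camera permissions are not reported because the baseline chat app already holds them, which is why a permission review alone does not single out a trojanized messenger; the difference from the original build is the useful signal.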