Spying Messaging Apps Sneak into Google App Play Store
Android users have been bombarded with thousands of spyware apps. Thankfully, very few of them got through into the Google Play Store. Cyber security experts have been puzzled by this sophisticated attempt to plant mobile malware. They have dubbed it “SonicSpy” and report that this mobile malware had the capability to remotely control Android phones.
How the Mobile Malware Works
A couple of versions of the spyware were available on the Google Play Store. The infection succeeds when a victim downloads and installs the app on his or her device. These are messaging apps with typical functionality. The malicious messaging app was developed from the source code of the Telegram messenger app, which is a legitimate app. Hence, it had all the necessary features of the Telegram app, albeit with the malware sneaked in.
The SonicSpy apps, with names such as Soniac, Troy Chat, and Hulk Messenger, had fooled many victims into downloading them. In the background, the app surreptitiously hijacked common functions such as making and receiving calls and sending text messages, while recording audio and stealing data about contacts, Wi-Fi and call logs. The victim would not suspect these activities. Google has removed these malicious apps, and they are no longer available in its store.
Once the malware is installed, it contacts a command-and-control server for further instructions. The attacker is then able to send commands for execution. These could include commands that deliver other malware or exfiltrate data.
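Because these apps are described as a legitimate messenger's source code with spying functions added, one analyst-side check is to compare a decoded AndroidManifest.xml against the upstream app's manifest and report what was added. The following is an added example, not code from this article or from the researchers; the manifests, package name and component names are constructed, and the permission-to-capability table is an assumption that maps real Android permissions to the functions listed above.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"  # the android:name attribute

# Assumption: real Android permissions that gate the capabilities the article lists.
CAPABILITY = {
    "android.permission.CALL_PHONE": "place calls",
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.READ_CALL_LOG": "read call logs",
    "android.permission.ACCESS_WIFI_STATE": "read Wi-Fi information",
}

def manifest_surface(xml_text):
    """Return (permissions, background components) declared in a decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {e.get(NAME) for e in root.iter("uses-permission")} - {None}
    # Services and receivers can run without any visible UI.
    comps = {(e.tag, e.get(NAME)) for e in root.iter()
             if e.tag in ("service", "receiver") and e.get(NAME)}
    return perms, comps

def diff_against_baseline(baseline_xml, candidate_xml):
    """Report what the candidate declares that the legitimate baseline does not."""
    base_perms, base_comps = manifest_surface(baseline_xml)
    cand_perms, cand_comps = manifest_surface(candidate_xml)
    added = cand_perms - base_perms
    return {
        "added_permissions": sorted(added),
        "added_capabilities": sorted(CAPABILITY[p] for p in added if p in CAPABILITY),
        "added_components": sorted(cand_comps - base_comps),
    }

# Constructed sample manifests (hypothetical package and component names).
BASELINE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.example.messenger">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application><service android:name=".MessagingService"/></application>
</manifest>"""
CANDIDATE = BASELINE.replace("<application>", """<uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application><service android:name=".BackgroundSync"/>
  <receiver android:name=".BootReceiver"/>""")

if __name__ == "__main__":
    for key, value in diff_against_baseline(BASELINE, CANDIDATE).items():
        print(key, value)
```

Permissions the baseline already requests do not appear in the diff, so a messenger's normal contact and microphone access is not reported; only the additions are.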
How the Mobile Malware was Spread
This malware could be spread through app stores and through phishing emails/messages with links to the malware. Cyber security researchers observed some indications that the malware apps could possibly have originated in Iraq. The ability to develop apps that thwart Google’s screening process raises suspicion of the possible involvement of a nation-state.
The attackers seem to have built over 4000 apps and bombarded the Google Play Store with them. Most were unsuccessful. However, some found their way on to other app stores and have been spread through other means of distribution.
Security Measures Against Mobile Malware
This is not the first deceptive malware to bypass Google Play Store’s screening and vetting process, and neither will it be the last. As cyber criminals find more ways to sneak in malicious apps, it is the responsibility of device owners, in their own interest, to take proactive security measures to protect their devices and data. Avoid downloading apps that have only a few downloads or look suspicious. And get robust antivirus software that monitors processes in real time for malicious activity.
Kevin Jones