SonicSpy Android Malware Uses SMS Tracking Techniques
SMS Tracking Techniques Employed on SonicSpy Malware
SonicSpy, a new Android malware, has hit a wave of chat apps in the Google Play Store. The SonicSpy malware uses SMS tracking techniques to gather infected users’ data.
Google tries hard to keep malware out of its app store, but more reports of malware-infected apps hitting the Play Store keep coming in. The new SonicSpy malware has now hit a number of different apps in the Google Play Store.
Thankfully, Lookout, the security firm and Android security app developer, has since located the offending apps and has worked with Google to remove all SonicSpy malware apps from the Google Play Store.
This wasn’t a small-scale malware operation – the apps with the SonicSpy malware hit the thousands. In a blog post, Lookout mentioned that “Lookout Security Intelligence researchers discovered the spyware in Google Play and connected it to a known malicious actor potentially operating out of Iraq.”
“We have discovered over a thousand SonicSpy apps found live in the Google Play Store.”
As the name suggests, SonicSpy is a classic tracking app that can be used to track infected users’ data. The malware developers will either use the collected data for their own malicious gain, or they’ll sell it off to malicious organizations across the world.
It’s with malware like SonicSpy that so many people across the world get their personal details, credit cards, and passwords stolen. The app can use SMS tracking, email tracking, and other methods to pry information from Android users.
Michael Flossman, working at Lookout, mentioned that the SonicSpy malware could perform a large number of malicious tasks.
“Our analysis found the malicious app can silently record audio; take photos with the camera; make outbound calls; send text messages to attacker-specified numbers; and retrieve call logs, contacts, and information about Wi-Fi access points. In fact, the malware has the ability to respond to over 73 different remote commands, meaning attackers can manipulate a victim’s device from afar through a command and control server.”
“Once successfully on the device, it provides the victim the advertised messaging functionality while simultaneously stealing data, building a false sense of trust with the victim. This kind of functionality should be highly concerning to any party accessing sensitive information through mobile devices, including enterprises.”
This time, the SonicSpy malware was disguised as chat apps that looked as though they had been built by trustworthy developers. With over 1,000 chat apps being created, many Android users fell victim to this specific attack. The interesting thing about the apps is that they all functioned as advertised – all of the chat apps offered IM functionality and a clean, smooth interface.
This allowed the malware developers to keep gathering more data – those who downloaded an app would often keep it on their device and use it every day whilst the malware embedded in the app performed malicious tasks in the background.
With apps like this getting past the Google Play Store screening process, we’ve reached an era where smartphone security is more important than anything else. More users should install anti-virus apps on their smartphones, and users should always double-check that an app is safe before installing it.