{Security} 1000 Spyware Apps Found On Android App Stores

Android Spywares:

Are you having the mind set that the safest and secure place to download Android app is the play store? then it is very important to watch out!

Someone hacker and spyware expert has managed to flood third-party app stores and Google Play Store with malicious apps, which has the ability to monitor user interaction on their mobile device from silently recording calls to make outbound calls without the user’s interaction.


Many mobile user download from various available store online without proper validation of the authenticity of both the website and the app they are downloading. However some app are very honest to info the user that the app will access their privacy information like phone contact, messages and galary but the user are to adamant and never for ones read the permission they are granting to the app, they just continue to press yes yes still the installation finish.


Some leak app that are spyware to watch on Google play store:


Dubbed SonicSpy, the spyware has been spreading aggressively across Android app stores since at least February, providing dual service as a messaging app as well as spyware.


The SonicSpy spyware also has the ability to steal user information including which include call logs, contacts Wi-Fi access point information that infected device has connected to, which could easily be used to track the user’s location.


The spyware was discovered by security researchers at mobile security firm Lookout. The researchers also uncovered three versions of the SonicSpy-infected messaging app in the official Google Play Store, which had been downloaded thousands of times. Other app with thesame malicious feature like:

Soniac, Hulk Messenger and Troy Chat, have since been removed by Google from the Play Store, but there are other third party app are still widely available in google play store, therefore watch out for the next you are installing in your device.


SonicSpy Spyware origin

Accounding to the research Sonic Spyware malware was believed to be related to a developer base in iraq and further adding that the sonicspy malware family supports 73 different remote instructions that its attacker could execute on an infected Android device.


The connection of Iraq to the spyware stems from similarities between SonicSpy and SpyNote, another Android malware that was discovered in July 2016, which was masquerading as a Netflix app and was believed to have been written by an Iraqi hacker.


Lookout Security Research Services Technology Lead Michael Flossman say “There are many indicators that suggest the same actor is behind the development of both. For example, both families share code similarities, regularly make use of dynamic DNS services, and run on the non-standard 2222 port,”


Another important indicator to this claim wa the name of the developer account behind Soniac, listed on the Google Play store, was “iraqiwebservice.”


How the SonicSpy Spyware Works

One of the SonicSpy-infected messaging in Google’s Play Store masqueraded as a communications tool called Soniac.

Once Soniac app is installed, it removes its start icon from the smartphone menu to hide itself from the victim and connects to a command and control (C&C) server in an attempt to install a modified version of the Telegram app.


That be said, the app actually includes many malicious features which allowed the attackers to gain almost full control of the infected device and turn it a spy in your pocket that could silently record audio, make calls, take photos, and pilfer your personal data, including call logs, contacts and details about Wi-Fi access points.


Before the app was removed by Google team, the app had already been downloaded between 1,000 and 5,000 times, but since it was part of a family of 1,000 variants, the malware could have infected many thousands more through the different app sharing means.


Watch out SonicSpy Could Get Into Play Store Again

Although SonicSpy-infected apps have now been removed from the Play Store, the researchers futhher warned that the malware could potentially get into the Play Store again with another developer account and different app name and UI:


“The actors behind this family have shown that they’re capable of getting their spyware into the official app store and as it’s actively being developed, and its build process is automated, it’s likely that SonicSpy will surface again in the future,” the researchers warned.


While Google has taken Serious security measures to prevent malicious apps from making through Google’s security checks, malicious apps may still make their ways into the Play Store.


few month ago the lookout securit research has warned about a clever malware, called Xavier, that was discovered in over 800 different Android apps that had been downloaded millions of times from Google Play Store and silently has been collecting sensitive user data.


In April, another report was made about the BankBot banking trojan making its way to Google Play Store with the ability to get administrator privileges on infected devices without even rooting and are capable of perform a broad range of malicious tasks, including stealing victim’s bank logins.


futher report was where made FalseGuide which has affected over 2 Million Android users. this malware is hidden in more than 40 apps for popular mobile games, such as Pokémon Go and FIFA Mobile, on the official Google Play Store.


How to Protect yourself against such Malware

The easiest way to prevent yourself from being targeted by such clever malicious malware, always beware of fishy apps, even when downloading them from official Google Play Store and also try to stick to the trusted brands only.


Most importantly, always look at the reviews left by users who have downloaded the app and try to verify app permissions before installing any app even from the official app stores and grant those permissions that are relevant for the app’s purpose. ( especially for those useing Android version 5.0 and above).


Also, it very important not to download apps from third party source. Although in this case, the app is also being distributed through the official Play Store, most often victims became infected with such malware via untrusted third-party app stores.


My Last but not the least, you are strongly advised to always keep good antivirus software on your device that can detect and block such malware before they infect your device, and keep your device and apps up-to-date.

Get Stuffs Like this, to Ur' Inbox:

Updated: —

Leave a Reply

Your email address will not be published. Required fields are marked *