UPDATED 23:52 EDT / AUGUST 10 2017

SonicSpy spyware discovered in 1,000+ Android apps

A recently discovered spyware family believed to have originated in Iraq is infecting more than 1,000 Android apps, including some available for download from the Google Play store.

Dubbed “SonicSpy,” the spyware can record calls and audio, take photos, make calls, send text messages, and monitor call logs, contacts and information about Wi-Fi access points. According to researchers at Lookout Inc., the overall SonicSpy family supports 73 different remote instructions, giving the alleged hacker behind it multiple attack opportunities.

The spyware is distributed primarily by posing as a messaging app, and it does deliver a working messaging service. At the same time, it steals information from the victim’s Android device. Three versions of the SonicSpy-infected messaging app were discovered in the Google Play Store and have since been removed: Soniac, Hulk Messenger and Troy Chat. But the same apps are still widely available on third-party app stores, along with other SonicSpy-infected apps.

The alleged Iraq connection to the spyware stems from similarities between SonicSpy and SpyNote, Android malware that was masquerading as a Netflix app in 2016, which is also believed to have been written by an Iraqi hacker. “There are many indicators that suggest the same actor is behind the development of both,” Lookout Security Research Services Tech Lead Michael Flossman wrote. “For example, both families share code similarities, regularly make use of dynamic DNS services, and run on the non-standard 2222 port.”

The more obvious giveaway, however, is the name of the account that was used to distribute the apps on the Google Play store: “iraqiwebservice.”

Flossman warned that although these apps have been removed from Google Play for now, Android users should remain wary because it’s likely SonicSpy will reappear. “The actors behind this family have shown that they’re capable of getting their spyware into the official app store and as it’s actively being developed, and its build process is automated, it’s likely that SonicSpy will surface again in the future,” he added.
