Google has taken action to restrain the spread of Android malware based on “SonicSpy” that besides just filtrating personal data from the phone, it is also alleged to have the ability to silently record audio, take photos with the camera, make calls, and even send text messages.
First discovered by security researchers at Lookout, the malware package had been “aggressively deployed” since February 2017, with several examples that apparently are spreading on the Google Play store. The apps are disguised as cross-protocol messaging applications and installs as a custom version of the commonly used Telegraph, in each case.
Specific data able to be picked from the phone also includes call logs, contacts, information about Wi-Fi access points, and any personal information retained in the phone. It is still unknown if the malware can examine other apps, and retrieve stored passwords.
The researchers tracked back the malware to Iraq. And as of today, it is still not known how many devices may have been infected by the latest malware.
Google Play removed up to three instances of the malware after being notified of the problem —one confirmed to be purged by Google, and the removal of the other two may have been by the posters themselves. Lookout claims that over a thousand versions of the apps survive elsewhere, and can be side-loaded onto devices by uninformed users.
“The actors behind this family have shown that they’re capable of getting their spyware into the official app store,” wrote Lookout, “and as it’s actively being developed, and its build process is automated, it’s likely that SonicSpy will surface again in the future.”Multiple requests by press venues to comment on the malware have been met with silence.
Only 0.05 percent of Android users downloaded malware from Google Play in 2016 according to Google, as announced back in March. It is said that 560,000 device out of 1.4 billion active devices were infected from the official Google Play store alone. Side-loading infections are not even included.
In September 2015, Chinese hackers distributed a spiked version of Xcode and it is reported to be Apple’s last malware problem. The distribution of the app resulted in 40 infected apps making it onto the App Store for a brief period of time —and despite some initial confusion about it, all of them were just in the Chinese version of the App Store.