Thousands of Android Spying Apps Are on the Loose: How to Deal with SonicSpy
Most malicious apps come from the Internet, and unfortunately Android users have one more reason to worry: spyware apps that steal data from infected devices.
Investigators have brought to light three cases of SonicSpy-infused apps in Google Play: Hulk Messenger, Soniac, and Troy Chat. They are all messaging apps that hide their malicious purpose and wait for orders from a command-and-control server.
Google removed the apps from its store after they were revealed. Investigator Chen Yu emphasized that the Google Play versions had very small installation numbers and existed for a very short period of time.
According to numerous reports, one criminal, who probably lived in Iraq, has been distributing these apps since February.
The working principle
The different SonicSpy-infused apps can: record audio without being noticed; take photos with the device's camera; make outbound calls; send text messages to any phone number; and make use of data from contacts, Wi-Fi hotspots and call records.
SonicSpy's main trick is removing its launch icon to disguise itself. Next, it connects to a control server on port 2222 of arshad93.ddns[.]net, according to Michael Flossman, a researcher from Lookout who first reported the appearance of this spyware.
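For defenders, the control-server detail above can be turned into a network check. The following is an added example, not code from Lookout or from the original article: it scans DNS and connection logs for devices that looked up or reached the published host and port. The log format, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Indicator and port exactly as published on the page (defanged form).
C2_DEFANGED = "arshad93.ddns[.]net"
C2_PORT = 2222

def normalize_host(host):
    """Lower-case and drop the trailing root dot that DNS logs often keep."""
    return host.strip().lower().rstrip(".")

def refang(indicator):
    """Turn a defanged indicator ("ddns[.]net") into a matchable hostname."""
    return normalize_host(indicator.replace("[.]", "."))

# Assumed log format: "<time> <src_ip> DNS <qname>" or
# "<time> <src_ip> CONN <dst_host>:<dst_port>".
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(DNS|CONN)\s+(\S+)$")

def find_sonicspy_hits(lines):
    """Return {src_ip: [reason, ...]} for devices that looked up or reached the C2."""
    c2 = refang(C2_DEFANGED)
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        _, src, kind, target = m.groups()
        host, _, port = target.rpartition(":") if kind == "CONN" else (target, "", "")
        if normalize_host(host) != c2:
            continue  # exact host match only, so look-alike names do not fire
        if kind == "DNS":
            hits[src].append("dns-lookup")
        else:
            hits[src].append("c2-connect" if port == str(C2_PORT) else "other-port")
    return dict(hits)

# Constructed sample lines (not real traffic), built from the defanged indicator.
_C2 = refang(C2_DEFANGED)
SAMPLE_LOG = [
    f"09:00:01 10.0.0.21 DNS {_C2.upper()}.",
    f"09:00:02 10.0.0.21 CONN {_C2}:{C2_PORT}",
    "09:00:05 10.0.0.34 DNS example.org.",
    f"09:00:07 10.0.0.34 CONN not{_C2}:{C2_PORT}",
    f"09:00:09 10.0.0.40 CONN {_C2}:443",
    "malformed line",
]

if __name__ == "__main__":
    print(find_sonicspy_hits(SAMPLE_LOG))
```

A device that shows both a lookup and a connection on port 2222 is the strongest match; a hit on another port still warrants a look because the host itself is the indicator.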