Apple is very strict when it comes to adding new applications to their store. Google is more open here, but this strategy has its drawbacks. While Google Play apps are scanned for malicious code, criminals are sometimes able to smuggle some malware to the official store. This time, researchers discovered about a thousand applications infected by SonicSpy, the user’s spyware.
I do not know how Android users should defend against viruses. Probably the best strategy is to install only applications from trusted vendors. Unfortunately, viruses seem to have come to Google Play. Fortunately, the company responds quickly and removes newly discovered threats. Sometimes it is enough to carefully study the permissions requested by the newly installed application and not click everything.
SonicSpy malware was discovered by Lookout employees.
The virus is hiding mainly in instant messengers. So far, we know about: Sonia, Troy Chat, and Hulk Messenger. During the installation a small installer is downloaded. When it is launched, then right application will be downloaded and the malware will remove its icon and hide its activity. The user is happy because has a fully functional cosutomized version of Telegram application. But the virus is running in the background. SonicSpy has full access to the camera, a microphone, can make calls, send SMS, view call history, contacts and saved Wi-Fi networks. Malware supports a total of 73 remote instructions. This is the full surveillance, but that is not all. At least 3 of these infected apps have been placed in the Google Play store using an account called iraqwebservice. Is the SonicSpy malware originating from Iraq? Such is suspicion, but it has not been confirmed by anyone. It is only known that the virus is circulating Google Play since February of this year.
So far, Google has removed infected apps from its store and blocked iraqwebservice account. However, criminals have shown that they are able to penetrate Google Play security. That is why SonicSpy can still appear again in the future. This time the virus hid for half a year and no one noticed it. The next time it may be even worse.