SonicSpy malware has made it to the Play Store carried by thousands of apps, can use phone camera, microphone, and more
Right now, there is a malware called SonicSpy on the loose, hunting for Android devices. It has been reported that more than a thousand infected apps were detected, some of which were even on the Play Store.
The apps that it masks behind are just modified Telegram messengers
The security experts over at Lookout have posted the latest on SonicSpy, its presence on the Play Store, and how it works. In every case, it seems, the malware was disguised as a chat app, fully functioning as it was, apparently, just a modified Telegram.The blog post points towards three messengers that were found to be malicious — Soniac, Troy Chat, and Hulk Messenger. When the user downloads their app of choice, they actually download a mini installer. Once tapped, its icon disappears, the actual messenger is installed and takes the place of the old icon, and the malware hides itself in the background.
What can it do? It has full access over the camera and microphone, can make calls or send texts, can retrieve call logs, contacts, and saved Wi-Fi point information.
Scary stuff, right? The three apps were posted by account “iraqwebservice” and is believed that do, actually, originate from Iraq. Right now, however, the apps and account are all gone. Still, it's reported that SonicSpy is still being developed, so just be careful which apps you download. No need to go for that shady-looking “Best camera Insta filters viewer likes guaranteed” app right now.
Things that are NOT allowed: