More than 1,000 spy applications detected on Android app stores

If you think downloading apps from the Google Play Store is definitely safe, watch out.

Someone tried to upload thousands of tainted apps to third-party app stores and the Google Play Store. These apps can monitor almost every user activity on a mobile phone, silently recording calls and placing outbound calls without the user having to do anything.

Called SonicSpy, the spyware has been spreading through Android app stores since at least February by posing as a messaging app, and it does in fact offer messaging services.

SonicSpy can perform many malicious tricks

SonicSpy applications can perform many tasks, including silently recording calls and audio from the microphone, hijacking the device camera to take photos, making outbound calls without the user's permission, and sending text messages to numbers the attacker chooses.

In addition, SonicSpy steals user information such as call history, contacts and details of the Wi-Fi hotspots the device connects to, which can easily be used to track the user's location.

The spyware was discovered by security researchers at mobile security company Lookout. They also found three versions of SonicSpy-infected messaging applications on the official Google Play Store, which had been downloaded thousands of times.

The application is available on the official Play Store but is still malicious

Although the suspicious applications (Soniac, Hulk Messenger and Troy Chat) have been removed from the store, they are still widely available on third-party stores, along with other SonicSpy-infected applications.

Iraq's connection to SonicSpy spyware

The researchers believe that the malware is linked to developers in Iraq. In total, the SonicSpy malware family supports up to 73 remote instructions that an attacker can execute on an infected Android phone.

The connection to Iraq stems from the similarity between SonicSpy and SpyNote, another Android malware family discovered in July 2016 that posed as a Netflix application and was supposedly written by Iraqi hackers.

'There are many signs that the same hands are behind both. For example, both have the same code, often use dynamic DNS services, and run on the non-standard port 2222,' said Michael Flossman from Lookout.

Importantly, the name of the developer account behind Soniac on the Google Play Store is also iraqiwebservice.

How does SonicSpy Spyware work?

One of SonicSpy's messaging apps on the Google Play Store is Soniac. Once installed, it removes its launcher icon from the phone's app list to hide itself, then connects to the C&C server and tries to install a modified version of the Telegram application.

However, the application is truly malicious in that it lets an attacker take complete control of the device and turn it into a spying tool: silently recording calls, making calls, taking pictures and retrieving personal data.

Before being removed by Google, it was downloaded between 1,000 and 1,500 times, but since it is one of 1,000 variants, the malware may have affected many more users.

SonicSpy can return to Play Store

Although SonicSpy-infected applications have been removed from the Play Store, researchers warn that the malware may return under another developer account and with other application interfaces.

'The people behind this malware family have shown that they can put spyware in the official app store. It is actively developed and the build process is automated; SonicSpy may come back in the future.'

Although Google has introduced many security measures to keep out malicious applications, they still find their way into the Play Store.

How to protect yourself from malware

The easiest way is to watch out for suspicious applications, even when downloading from the Google Play Store, and to trust only big names. Also, always read the reviews from users who have downloaded the application and verify the application before installing it, and grant only the permissions relevant to the application's purpose.

Do not download applications from third-party sources: even though this malware was distributed through the official Play Store, most victims are infected with malware through untrusted applications. Finally, don't forget to use anti-virus software to detect and block malware, and regularly update your devices and applications.
