Android users have been the target of a threat actor who has created more than 4,000 spyware apps in the past six months. At least three of these apps have made their way past Google’s security into the official Play Store.
According to researchers from security firm Lookout, Soniac was one of these apps that made it past the gates. With somewhere between 1,000 and 5,000 downloads, the app got quite some traction before Google removed it.
The app said it was a customized version of the Telegram communications program, providing messaging functions. Underneath it all, the app actually made audio recordings, took photos with the camera, made calls, sent texts to specific numbers the attacker wanted it to, and collected all your phone call data, copied your contact list and any information about the Wi-Fi access points you encountered.
Other apps we also discovered in the Play Store, namely Hulk Messenger and Troy Chat, and they’ve also been removed from the store, either by Google itself, or the author.
Once a device is infected, the app will signal the Comand and Control server and await instructions. Up to 73 different remote instructions can be sent over to the victim. This is something that all 4,000 discovered apps could do, both those that got into Google Play and those that are available on third party app stores.
Security researchers believe the author behind this huge family of apps was also behind SpyNote, another malware family that was discovered back in mid-2016. Aside from code similarities, they all make use of dynamic DNS services regularly and run on the non-standard 2222 port.
This is just another example that you should be careful what apps you install on your device, regardless of they come from the Play Store or not. Not even Google is infallible when it comes to keeping the Store clean and many malicious apps can pass the test, especially if the attack is delayed and the malware won’t deploy immediately after installation.
We’re also going to strongly advise Android users to not download and install apps from third party app stores because you never know what you’re going to find there and how it’s going to affect your device.