Surveillance malware apps manage to infiltrate Google Play Store

Google Play StoreGoogle’s Play Store has become home to some of the over a thousand malicious apps, known as ‘SonicSpy’, which have been deployed since February.

Of the large number of spyware apps, believed to have come out of Iraq, at least three versions of the malware have appeared in the Play Store in the last six months, according to mobile security company Lookout.

The malicious app most recently found on the Play Store was called Soniac – which was marketed as a customised version of cloud-based instant messaging service Telegram. However, it contained capabilities to silently record audio, takes photos, make outbound calls, send text messages to specific numbers, and retrieve information such as call logs, contacts and information about wi-fi access points. The app has since been removed by Google.

Two other samples of SonicSpy on the Play Store were called Hulk Messenger and Troy Chat – though both are no longer live. It is not clear, however, if Google stepped in and removed the apps, or if they were removed by the people behind the spyware to avoid detection.

Despite the Play Store being seemingly clear of SonicSpy, Lookout warns that we are unlikely to have seen the back of the family of malicious apps.

“The actors behind this family have shown that theyre capable of getting their spyware into the official app store and as its actively being developed, and its build process is automated, its likely that SonicSpy will surface again in the future,” said Michael Flossman, security research services tech lead at Lookout.

Don’t forget to enter the Effective Mobile Marketing Awards. Weve extended the final deadline to 18 August, but times running out. More details here.