SonicSpy Malware Snoops on Google Play Users via Messaging Apps
Whether it’s a British spy sneaking around a casino, or a cybercriminal looking around your device, all spies snoop to find out information. In fact, a specific type of malware exists solely to spy on and collect innocent users’ data. It’s called spyware, and it’s done some serious damage in the past. Now, a new spyware with surveillance capabilities named SonicSpy is here, and it has been weaved into thousands of malicious messaging apps– three of which have made their way onto Google Play.
These three apps, named Hulk Messenger, Troy Chat, and Soniac all contain malicious features that make them the perfect vector for cybercriminals wishing to snoop. Soniac’s capabilities in particular provide an attacker with significant control over a target device.
So, what does this control look like exactly? Once a user has downloaded a Soniac messaging app, SonicSpy malware can record audio, make outbound calls, send text messages to attacker-specified numbers, and retrieve information such as call logs, contacts, and Wi-Fi access point details.
The good news is these three apps have since been removed from Google Play. However, the remaining apps—which since February number slightly more than 4,000—are being distributed through third-party app stores. Plus, these malicious apps are also being distributed through direct phishing texts with download links. So, its important users still remain cautious.
Therefore, to ensure you don’t get snooped on by SonicSpy, follow these tips:
- Only shop on legitimate app stores. Many of the infected applications exist outside of Google Play and are floating around on unaffiliated third-party stores. It’s crucial users only download applications from official stores, like Google Play or the Apple App store, to ensure they don’t get spied on by SonicSpy.
- Check app reviews. Before you even download an app, make sure you head to the reviews section of an app store first. Take the time to sift through the reviews, and keep an eye out for ones that mention that the app has had issues with security or might be a bit sketchy. When in doubt, don’t download any app that is remotely questionable.
- Don’t click. If you’re ever sent an email or a text message from an unknown source, remain wary and don’t click on any links that may be included in the message’s content. These links can carry malware, or redirect you to a malicious app in this instance.
- Use a mobile security solution. As spyware campaigns continue to hit mobile devices, make sure your phone is prepared for any threat coming its way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.
The post SonicSpy Malware Snoops on Google Play Users via Messaging Apps appeared first on McAfee Blogs.
More antivirus and malware news?
- Social Media in the Classroom – What Do You Think?
- Oracle and Java, Apple and the FTC, Google and privacy – 60 Sec Security [VIDEO]
- Israeli Spy Agency Creates Fund to Invest in Tech Firms
- IPv6 celebrates its 20th birthday by reaching 10 percent deployment
- Kiwis unplug supercomputer after intrusion
- Get into Infosec Europe 2017 for free, hear great talks!
- HTML5 Web Storage loophole can be abused to fill hard disks with junk data
- Accidental data leak helps wipe $22bn off Google’s stock value
- Broadband access creeps along but DDoS attacks explode
- Planned VOIP Network Disruption for Pattee/Paterno Library