Android app stores flooded with 1,000 spyware apps

Three fake messaging apps in the Google Play Store have been found to be distributing SonicSpy malware.


Hackers have flooded Android app stores, including the official Google Play store, with over 1,000 spyware apps, which have the capability to monitor almost every action on an infected device.

Dubbed SonicSpy, the malware can silently record calls and audio, take photos, make calls, send text messages to numbers specified by the attackers, and monitor call logs, contacts, and information about Wi-Fi access points.

In total, SonicSpy can be ordered to remotely perform 73 different commands, and it's suspected to be the work of malware developers in Iraq.

Marketed as a messaging application, the malware performs the advertised messaging function so that users do not become suspicious of the download, while it steals their data and transfers it to a command and control server.

SonicSpy has been uncovered by researchers at Lookout after they found three versions of it live in the official Google Play app store, each advertised as a messaging service.

Google has since removed the malicious apps -- called soniac, hulk messenger and troy chat -- from its store, but many other versions remain available on third-party application markets and the malware could have been downloaded thousands of times. At the time of removal from Google Play, soniac had been downloaded between 1,000 and 5,000 times.

When downloaded from Google Play, SonicSpy will hide itself from the victim and remove its launcher icon from the smartphone menu. It will then connect to a command and control server and attempt to download and install a modified version of the Telegram app.

This custom app contains the malicious features which allow the attackers to gain significant control over the device. It's unclear if the attackers are targeting specific users, or if they're trying to get hold of any information they can from anyone who downloads the malware.

Researchers analysed samples of SonicSpy and found that it shares similarities with spyware called Spynote, uncovered in the middle of last year.

SonicSpy and Spynote share code, make use of dynamic DNS services, and both run on the non-standard port 2222, leading Lookout to suggest that the two families of malware have been built by the same hacking operation.

Tricking users into using a fully-functioning application while it secretly exfiltrates data to the attackers is also noted as a tactic used by the same attack group. The account behind the malicious apps is called 'iraqwebservice', leading researchers to suggest the campaign is of Iraqi origin.

Whoever is behind the malware, "Spoofing an encrypted communications app also shows the actor's interest in gathering sensitive information," said Michael Flossman, security research services tech lead at Lookout.

And while SonicSpy has been removed from the Google Play Store for now, Flossman warns that it could potentially get into it again.

"The actors behind this family have shown that they're capable of getting their spyware into the official app store and as it's actively being developed, and its build process is automated, it's likely that SonicSpy will surface again in the future," he said.

Google keeps the vast majority of its 1.4 billion Android users safe from malware, but malicious apps still regularly get through to the official store.

Source: http://www.zdnet.com/article/android-app-stores-flooded-with-1000-spyware-apps/
