If you think you are downloading apps from Google Play Store and you are secure, then watch out!
Someone has managed to flood third-party app stores and Google Play Store with more than a thousand malicious apps, which can monitor almost anything a user does on their mobile device: from silently recording calls to making outbound calls without the user’s interaction or knowledge.
Dubbed SonicSpy, the spyware has been spreading aggressively across Android app stores since at least February and is being distributed by pretending to be a messaging app — and it actually offers a messaging service.
According to The Hacker News, SonicSpy spyware apps perform various malicious tasks, including silently recording calls and audio from the microphone, hijacking the device’s camera and snap photos, making outbound calls without the user’s permission, and sending text messages to numbers chosen by the attacker.
In addition to this, the SonicSpy spyware also steals the following user information: call logs, contacts and information about Wi-Fi access point the infected device has connected to, which could easily be used to track the user’s location.
The spyware was discovered by security researchers at mobile security firm Lookout. The researchers also uncovered three versions of the SonicSpy-infected messaging app in the official Google Play Store, which had been downloaded thousands of times.
Although the apps in question — Soniac, Hulk Messenger and Troy Chat—have since been removed by Google from the Play Store, they are still widely available in third-party app stores along with other SonicSpy-infected apps.
The easiest way to prevent yourself from being targeted by such clever malware is to always beware of fishy apps, even when downloading them from official Google Play Store, and to try to stick to the trusted brands only.
Moreover, always look at the reviews left by users who have downloaded the app and verify app permissions before installing any app. Only grant those permissions that are relevant for the app’s purpose.
Most importantly, do not download apps from a third party source. Although in this case, the app is also being distributed through the official Play Store, oftentimes victims become infected with such malware via untrusted third-party app stores.
Last but not the least, you are strongly advised to always keep good antivirus software on your device that can detect and block such malware before they infect your device, and keep your device and apps up-to-date.
For more information, check out the full article on The Hacker News.