Technological advancements have its wide array of benefits that most people can't live without. However, those benefits usually come with better opportunities to exploit others and unfortunately for Android users, that has come in the form of SonicSpy malware.
SonicSpy has made its way to over 1,000 apps in the Google Play Store, infecting them in the past few months since it launched in February. The spyware was discovered by mobile firm Lookout, and they have since been focused on eliminating the malicious software given its direct breach of mobile users' privacy.
SonicSpy is believed to originate from Iraq, and is disguised to be a communications app called "Soniac." This app mimics the services of existing apps such as Viber and Telegram; however, it allows hackers to access phone logs, send text messages, make outgoing calls and record them, gain access to Wi-Fi data access points and make use of the built-in camera of the mobile device.
If mobile users aren't careful, they could potentially provide sensitive information such as credit card numbers, access codes or ever sensitive photos exploited by whoever is behind the creation of the spyware.
Upon further analysis, Lookout has found that "Soniac" has considerable similarities to SpyNote — another form of malware that emerged in 2016. The mobile firm company has a strong inkling that the creators of both "SpyNote" and "Soniac" are one and the same. Evidence of this is the use of dynamic DNS functions and the 2222 port.
The name of the account that spawned "Soniac" is named "iraqiwebservice" and people should be vigilant when downloading new applications with these types of names.
The malware has currently been dealt with, but it has been suggested that these types of apps will continue to appear online. Whoever is behind the creation of these malicious apps has not yet been caught, and is likely getting better at creating privacy-breaching applications that can potentially wreak cyber havoc.
