Google has booted out three apps from the Play Store which could steal contacts, call records and messages from Android devices using a spyware named SonicSpy.
SonicSpy can infiltrate Android devices through apps and can send texts, take pictures from phone cameras and capture call records.
In a detailed blog post, security firm Naked Security has detailed out how a new spyware named SonicSpy can infiltrate Android devices and steal sensitive user information without being noticed by users. Researchers at the firm noted that there could be as many as 4,000 Android apps that hid SonicSpy.
Three of such apps, namely Soniac, Hulk Messenger, and Troy Chat, were present on the Google Play Store and had been downloaded a few times. However, once security researchers at Naked Security informed Google about the spyware present in these apps, Google booted them out from the Play Store.
However, there are still thousands of apps that are infected by SonicSpy and are available at third party app stores that do not feature strong security credentials. Android users who download apps from third party app stores and from the web are particularly vulnerable to the spyware.
Once it infects an Android device, SonicSpy records audio, takes photos with the device’s camera, makes outbound calls, sends text messages to whatever phone numbers the attacker chooses, and retrieves data from contacts, Wi-Fi hotspots and call logs.
Android device users are unable to detect the presence of SonicSpy since it removes its launch icon to hide itself post installation. Once it obtains data from an Android device, the spyware then sends such data over to a command and control server owned by its creator.
To ensure they are not affected by such spyware, Naked Security suggests that Android device users must stick to the Google Play Store not only because it has a strong malware-filtering mechanism, but also because it can boot out existing apps if it is found that they contain malware or trojans.
Third party app stores do not have strong security mechanisms in place and are not as regular in sending out security patches and updates to users. As such, they act as hubs for malware that cannot otherwise get past Google’s Play Store or Apple’s App Store.
The researchers are also advising users not to download new apps on work phones before checking their history so as to ensure they are not downloading unwanted malware inadvertently. At the same time, phone buyers must choose devices that come with faster and more effective patching of vulnerabilities. For example, BlackBerry’s latest Android phones come with ‘zero day’ patches which means that BlackBerry passes on patches to users as soon as they are made available by Google.