Lookout researchers have identified over 1,000 spyware apps related to “a threat actor likely based in Iraq.”
Belonging to the family “SonicSpy,” these samples have been aggressively deployed since February 2017, with several making their way onto the Google Play Store. Google removed at least one of the apps after Lookout alerted the company.
We discovered this threat after the Lookout Security Cloud analysis stack identified the spyware capabilities, flagging the app to our research team for manual review. The sample of SonicSpy most recently found on the Play Store, called Soniac, is marketed as a messaging app. While Soniac does provide this functionality through a customized version of the communications app Telegram, it also contains malicious capabilities that provide an attacker with significant control over a target device.
This includes the ability to silently record audio, take photos with the camera, make outbound calls, send text messages to attacker-specified numbers, and retrieve information such as call logs, contacts, and information about WiFi access points.