Google has taken action to curb the spread of Android malware based on "SonicSpy" that, besides exfiltrating personal data from the phone, had the ability to silently record audio, take photos with the camera, make calls, and send text messages.
First spotted by security researchers at Lookout, the malware package had been "aggressively deployed" since February 2017, with several examples actually rolling out on the Google Play store. In each case, the apps masqueraded as cross-protocol messaging applications and installed as a custom version of the commonly used Telegraph.
Specific data that can be purloined from the phone also includes call logs, contacts, information about Wi-Fi access points, and any personal information retained in the phone. It is unknown whether the malware can examine other apps and retrieve stored passwords.
The researchers traced the malware back to Iraq. It is not known how many devices may have been infected by the latest malware.
Up to three instances of the malware were removed from Google Play after Google was notified of the problem: one was confirmed to have been purged by Google, and the other two may have been removed by the posters themselves. Lookout claims that over a thousand versions of the apps survive elsewhere, and can be side-loaded onto devices by unwary users.
"The actors behind this family have shown that they're capable of getting their spyware into the official app store," wrote Lookout, "and as it's actively being developed, and its build process is automated, it's likely that SonicSpy will surface again in the future."
Multiple requests by press venues to comment on the malware have been met with silence.
Google announced in March that only 0.05 percent of Android users downloaded malware from Google Play in 2016. Out of 1.4 billion active devices, that means that 560,000 devices were infected from the official Google Play store alone, not even including side-loading infections.
Apple's last malware problem on iOS was when Chinese hackers distributed a compromised version of Xcode in September 2015. The distribution of the app resulted in 40 infected apps making it onto the App Store for a brief period of time — and despite some initial confusion about it, all of them were just in the Chinese version of the App Store.
38 Comments
560,000 infections through an app store...nothing to see here people...keep moving please...
Paging Gatorguy for the unofficial Google response...and I do respect Gatorguy's intelligence.
Walled garden, or this.
The number of malware infections admitted by Google for 2016 was 560,000. The new spyware was deployed in 2017. Google admitted the 2016 issue and gave figures for it; the magnitude of the 2017 problem is a Google secret. Google's secrecy could mean the new malware problem is far worse than last year's. Alternatively, it may mean that Google execs work harder this year to keep users in the dark about Android's security problems. Or both.