google play store infected by sonicspy
Google Play Wikimedia Commons

A new malware has been discovered lurking on the Google Play store since earlier this year. Security researchers have identified the surveillance bug as SonicSpy, a family of nasty smartphone apps.

At least three variants of SonicSpy hiding in apps from Google Play have been intercepted recently by security researchers at Lookout. According to the experts' findings, the said bug is a surveillance malware that can remotely manipulate impacted devices.

On Thursday, Lookout's Security Research Services lead Michael Flossman reported that SonicSpy developers, potentially based in Iraq, have "aggressively deployed" the malware on Google Play since February 2017. Google has already taken down one of the three variants after the San Francisco, California-based mobile security company alerted Google about it.

Lookout identified the malware as Soniac, a strain of SonicSpy advertised as a legitimate custom version of the messaging app Telegram.

"While Soniac does provide this functionality through a customized version of the communications app Telegram", writes Flossman, "it also contains malicious capabilities that provide an attacker with significant control over a target device".

Among its 73 capabilities, Soniac can silently record audio, capture images through a camera app, do calls and texts and steal call logs, contacts, Wi-Fi access points and other relatively sensitive data.

Device owners may not notice the presence of SonicSpy because it has the ability to hide. Hence, experts remind Android device owners to be extra cautious when downloading apps from Google Play.

"Anyone accessing sensitive information on their mobile device should be concerned about SonicSpy", states Flossman. He adds, "The actors behind this family have shown that they're capable of getting their spyware into the official app store and as it's actively being developed, and its build process is automated, it's likely that SonicSpy will surface again in the future".