SonicSpy Android malware is able to secretly spy on users

Android device owners have been warned to beware a potent new form of malware which is able to secretly record them.

The SonicSpy malware is able to use a device's audio and video capture capabilities to monitor the victim, and is also able to steal personal information to be sold on to cybercriminals.

First identified by researchers at security firm Lookout, SonicSpy appears to have easily bypassed the guidelines on the Google Play Store, with nearly 4,000 variants already discovered - although Google now appears to have acted, with at least one of the apps now removed.

This was a fake messaging app called Soniac, which pretends to be a customised version of the widely-used Telegram service, but once installed, the app secretly installed spyware that was able to silently record audio, take photos with the camera, make outbound calls, send text messages to attacker specified numbers, and retrieve information such as call logs, contacts and information about Wi-Fi access points.

Lookout estimates that SonicSpy has been present on the Play Store since February 2017, with some of the initial apps appearing to originate from Iraq. The constant stream of apps since then suggest that the criminals are using a basic, automated-build process, with new skins and features added each time.

"Anyone accessing sensitive information on their mobile device should be concerned about SonicSpy," Lookout security research services tech lead Michael Flossman wrote in a blog post concerning the malware. 

"The actors behind this family have shown that they're capable of getting their spyware into the official app store and as it's actively being developed, and its build process is automated, it's likely that SonicSpy will surface again in the future."