Android Apps With Spy Software

Uploaded on 2017-08-29 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Cybersecurity researchers have warned against using certain phone messenger applications because they have the capability to steal data from the devices they infect.

The researchers from SophosLabs  have identified three cases of “‘sonic-spy” infused apps in Google Play, the official app store for Android devices.

According to Bill Brenner from Sophos, sonic-spy infused apps have the ability to record audio, take photos with the device’s camera, make calls, send text messages, and retrieve data from contacts and call logs.

Identified Apps

Mr Brenner identified the apps that can hide their spying functionality as Soniac, Hulk Messenger, and Troy Chat. It is understood that Google removed the apps from its store after they were discovered.

“Google gets criticism when these things are found on Google Play but when they are found they generally take them down. They try to screen as much of this stuff as possible, but it’s difficult,” Mr Brenner told The Irish Times.

Asked how consumers come across this sort of app in the first place, Mr Brenner said: “When a person is downloading an app that turns out to be malicious, almost never are they aware that it’s malicious.

Maybe they find an app that looks like a WhatsApp type of programme and they decide that they want it, or they find an app that looks like a good delivery conduit for music . . . and its typically unbeknownst to the user that there’s code baked into some of these apps that allow the bad guys to go through their contacts, get access to their camera, go through their text messages and ultimately getting into banking apps.”

Sonic-Spy Apps

Added to the three apps identified on Google’s platform, SophosLabs counted 3,240 sonic-spy apps in total, while some reports put the number as high as 4,000.

“The average Android user isn’t going to know what techniques the malware used to reach their device’s doorstep, but they can do much to keep it from getting in,” Mr Brenner said.

He advised users to stick to Google Play, avoid apps with a poor reputation, and ensure the software on your phone is as up-to-date as possible.

Asked whether users of Apple’s IOS system could be affected by similar apps, Mr Brenner said that while there is malware designed to affect Apple users, it’s a lot harder to get apps into its app store than it is with Google.

Irish Times:

You Might Also Read: 

Intelligence Agency Backs Start-Up Spy Apps:

Apple Removes Spy Apps:

« Very Few UK Girls Took Computing A-level
Cyber Criminals Have Access To Weapons Grade Hacking Tools »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Frazer-Nash Consultancy

Frazer-Nash Consultancy

Frazer-Nash is a leading engineering, systems and technology company. Areas of expertise include information security and cyber security.

DMH Stallard

DMH Stallard

DMH Stallard is a mid-market law firm. Areas of expertise include cyber security and cyber crime.

Information Security Research Association (ISRA)

Information Security Research Association (ISRA)

ISRA is a non-profit organization focused on various aspects of Information Security including security research and cyber security awareness activities.

Engage Black

Engage Black

Engage Black provides solutions for securing and protecting cryptographic keys, data at rest, and data in motion.

Sogeti

Sogeti

Sogeti deliver solutions that enable digital transformation and offer cutting-edge expertise in Cloud, Cybersecurity, Digital Manufacturing, Quality Assurance, Testing, and emerging technologies.

MAD Security

MAD Security

MAD Security is a premier provider of information and cybersecurity solutions that combine technology, managed security services, support and training.

Zivaro

Zivaro

Zivaro provides transformational consulting and technology services to help clients attain real business value from their technology investments.

Compnet

Compnet

Compnet is a service company that assists customers in integrating complete ICT systems including network infrastructure and security solutions.

SOOHO

SOOHO

SOOHO helps to detect security vulnerabilities earlier. Our blockchain security platform audits from smart contracts to on-chain transactions.

Lumu Technologies

Lumu Technologies

Lumu is a cybersecurity company that illuminates threats and attacks affecting enterprises worldwide.

HITRUST Alliance

HITRUST Alliance

HITRUST provides widely-adopted common risk and compliance management frameworks, related assessment and assurance methodologies.

eCentre@LindenPointe

eCentre@LindenPointe

The eCenter@LindenPointe provides assistance to the development, management and promotion of STEM (Science, Technology, Engineering, Mathematics) related business ventures.

Picnic

Picnic

Picnic is a gritty, pioneering team of intelligence and cybersecurity specialists focused on solving the security challenge of our time - social engineering.

Edera

Edera

Edera is changing the way containers are run and secured, making isolation a reality and fundamentally transforming computing in the process.

Cyber Dagger

Cyber Dagger

Cyber Dagger is a cybersecurity company driven by a mission to protect digital infrastructures and close the cybersecurity skills gap.

Hive Systems

Hive Systems

Hive Systems specialize in tailored solutions that unify risk assessments, IT, security awareness, and cybersecurity operations for businesses of all sizes.