Researchers have reported that this spyware can in fact manipulate an android device using seventy three different type of remote instructions, which even include the capacity to record audio silently or take pictures with a camera or make calls and send texts to numbers chosen by the attacker as well as collect and store personal sensitive information like contacts, call history, and other information like WiFI access points.
An example of SonicSpy is the most recent app found in Google Play Store which is named Soniac. The app is disguised as a messaging app in fact. It can not be overlooked however that the spyware app does contain this feature. It uses a customized version which is more like the communications app called Telegram. More dangerously, the app can get your attacker access and control to your Android phone.
Flossman, a researcher stated in his blog about the SonicSpy that whoever designed this spyware wanted their app to push again and again to break the security wall of the victim Android device. The designers made sure to include any kind of features that the users expected from the app. He further added that the app had been designed thus by putting in and modifying the already public source code for the Telegram app. This would make sure that the device that was defected would continue to work functionally along with the app that is the spyware. This way the user will not get any kind of suspicion about the spyware app.
The app is even more harmful for all the people who work overseas for their companies and the jobs require a lot of to and fro. Flossman added in his blog how such corporations usually send their employees for company work out of country and these employees usually end up installing and using different kind of apps – messaging apps – to stay in touch and continue communicating with coworkers or family and friends. SonicSpy and other apps like that basically are a way to use this need (or other potential fields like this) to get more and more victims by disguising their spyware as useful, trustworthy and functional apps available in a known and trusted store like the Play Store.
SpyNote, which was another malware that first was reported to be plaguing devices a year back in 2016, is actually quite similar to this new Spyware. As far as SpyNote is concerned, the designers of that malicious app had a customised desktop application which would install and inject harmful code and disguise specific apps, which will make sure the users of the Android devices do not get to doubt about the functionality of these apps.
Flossman stated that these type of signs and similarities do suggest that it might be the same person who designed both these apps. He explained that both the spyware families have similar codes, and use dynamic DNS services even and both function on the same non standard 2222 port. He went on to add that SonicSpy and other apps like it, which keep coming in the market again and again, actually suggests that whosoever is coming up with these spyware apps are doing it with a similar, may be automatic, building process. However it might be so that their desktop tooling is not yet recovered right now at this moment.
Keep your device secure, and your information private. Keep yourself educated and up to date which will help you in being safer and secure. Better safe than sorry.
