Spyware found on Google Play

Olivia Storey

SonicSpy, a messaging app found on the Google Play store, poses as a messaging service so that users will download and use it, spreading the spyware embedded in the app.

Once the app is on the device, the user receives the advertised service while the app simultaneously steals the victim’s data. Because the product works as advertised, users trust it and do not suspect the malicious activity happening in the background.

Research into the app discovered that it could silently record audio, take photos, make outbound calls, send text messages, and retrieve call logs, contacts and information about Wi-Fi access points. The malware can respond to 73 different remote commands, making it extremely versatile.

Apps like this take advantage of users by posing as ‘trustworthy’ apps in well-known marketplaces, like Google Play. They bank on users trusting the store as a credible source that would only offer reliable apps.

Mark James, ESET IT Security Specialist, answers questions on SonicSpy, other potential spyware, and how to mitigate any sort of data breach due to spyware.


Why did this app ever get onto the Play Store?

“Google do not have quite the same restrictions that Apple do when it comes to the app/Play store. There are many more ways to get apps onto the Android platform, so as an attack vector it is technically easier to compromise.

“They do, of course, have systems and processes in place to vet any apps put forward, but it’s almost impossible to vet everyone to ensure they do not do anything they should not, especially if they do their intended job like some of the ones we see today.”

What issues does this app cause for organisations and their users?

“If we are actually using a messaging app for its intended purpose then it’s quite possible the very use of it could be an opportunity for an attacker to get info they would not normally be privy to.

“On top of that, we use our mobiles to do so much more these days; emails, social media accounts, and financial apps, to name just a few, could all be installed and sending information back and forth.

“If the device is compromised, then in theory all of that data would be open to abuse.”

What can organisations do to prevent users downloading this app?

“Any company that utilises both private, Bring Your Own Device, or work mobiles to store, use and transmit data should have policies in place to vet applications and use of the mobile for both work and private use.

“Applications should be checked and whitelisted to ensure they do what they are supposed to do, and regular checks or application control systems should be in place to ensure only those authorised are installed.

“It may seem harsh but it only takes one compromised mobile that has access to corporate networks to instigate a malware outbreak.”

What mitigation can be put in place to limit any damage caused by this?

“This is definitely one of those instances where prevention has to be the goal.

“Having a good internet security product installed on your mobile, along with Mobile Device Management (MDM), to keep your devices clean and safe.

“We also need to ensure the devices’ operating systems are able to be kept up to date.

“With so many different Android versions being used on the millions of phones and tablets out there, we need to ensure they are on the latest version if we want to have a good basis of security.”


The app has since been removed from the Google Play app store.

