Skip to content

Google Expels Spyware From Play Store That Recorded Audio and Took Photos Without Permission

By | Comments (0) |

Android users are facing new threats to their privacy with the recent discovery of over a thousand spyware apps on the loose. A security firm found that at least three of these apps—which are capable of covertly taking photos, recording audio, retrieving call logs, and more—were available for download on Google Play.

Google has removed the apps from its store, according to mobile security firm Lookout, but the search company did not respond to multiple press inquiries regarding how spyware is imperiling its customers’ security.

Google has touted relativistic success in combating trojans and apps featuring backdoors, however, announcing in March that only 0.05 percent of Android devices downloaded malicious apps from Google Play last year.

The spyware discovery was first published by Lookout this week. The firm, which presented a method for jailbreaking the Apple Watch at this year’s DEFCON, wrote that a threat actor based in Iraq was likely the culprit—the account responsible at least is called “iraqwebservice.”

“Belonging to the family ‘SonicSpy,’ these samples have been aggressively deployed since February 2017, with several making their way onto the Google Play Store,” Lookout research lead Michael Flossman writes. “Google removed at least one of the apps after Lookout alerted the company.” The spyware discovered on Google Play went by name “Soniac” and presented itself as a messaging app. It was determined to be a customized version of Telegraph, meaning it provided actual messaging capabilities.

Yet the spyware-infested app also gave the author significant control over the device once downloaded, including the ability to “silently record audio, take photos with the camera, make outbound calls, send text messages to attacker specified numbers, and retrieve information such as call logs, contacts and information about Wi-Fi access points.”

According to Lookout, the app was capable of executing up to 73 remote instructions. Users who downloaded Soniac likely forgot soon after, since after the first execution the Soniac icon disappears.

Although Google did remove Soniac, it’s unclear whether the company also removed two previous spyware apps which have been attributed to the same author: Hulk Messenger and Troy Chat, both of which contained the same SonicSpy capabilities.

“The actors behind this family have shown that they’re capable of getting their spyware into the official app store,” Flossman wrote, “and as it’s actively being developed, and its build process is automated, it’s likely that SonicSpy will surface again in the future.”

[Lookout]

Daily Newsletter

Get the best tech, science, and culture news in your inbox daily.

News from the future, delivered to your present.

Please select your desired newsletters and submit your email to upgrade your inbox.

You May Also Like

Latest news
Lenovo Laptop Concept Yoga Solar 1
Lenovo Solar-Powered Yoga PC Means You Never Have to Stop Working
The Parenting
The Parenting Invites You To a Scary, Funny Time
Doctor Who Belinda
The New Doctor Who Trailer Introduces His Latest Partner in Time
Batman Hush2
DC Really Hopes Hush 2 Gets You to Read More Batman Comics
Lego Avengersendgame
Even Lego is Going Back to Avengers: Endgame
Mighty Morphin Power Rangers Zack Jason
Power Rangers May Get an AI-Boosted Remaster
Secretary of Defense Pete Hegseth signs a memorandum reversing the name of Fort Liberty back to Fort Bragg while flying in a C-17 operated by the 300th Airlift Squadron en route to Stuttgart, Germany, Feb. 10, 2025
Trump’s Defense Secretary Hegseth Orders Cyber Command to ‘Stand Down’ on All Russia Operations
Image of the AtitlĂĄn caldera
Massive Supereruptions Might Not Trigger the Apocalypse, Just Decades of Chaos