Spyware Apps That Sneaked Its Way Into Google Play & Spy On Users

Soniac was one of the three apps found on Google Play, according to a blog post published Thursday by a researcher from mobile security firm Lookout. The app, which had from 1,000 to 5,000 downloads before Google removed it.  Soniac had the ability to record audio, take phones, make calls, send text messages, and retrieve logs, contacts, and information about Wi-Fi access points. Google ejected the app after Lookout reported it as malicious. Two other apps—one called Hulk Messenger and the other Troy Chat—were also available in Play but were later removed. It’s not clear if the developer withdrew the apps or if Google expelled them after discovering their spying capabilities.  The apps are all part of a malware family Lookout calls SonicSpy.

Once installed, SonicSpy apps remove their launcher icon to hide their presence and then establish a connection to the control server located on port 2222 of arshad93.ddns[.]net.

The researcher said SonicSpy has similarities to another malicious app family called SpyNote, which security firm Palo Alto Networks reported last year. The name of the developer account—iraqwebservice—and several traits found in the apps’ code suggest the developer is located in Iraq. Additionally, much of the domain infrastructure associated with SonicSpy has references to that country. The phrase “Iraqian Shield” appears constantly. Lookout is continuing to follow leads suggesting the developer is based in that part of the world.

Film Student Spied On Thief Who Stole His Smart Phone

After his smartphone was stolen, a film student allowed his smartphone to get stolen again. This time it was filled with spyware to keep tabs on the thief.

An iPhone was not used to lure the thief. You can’t run spyware apps on the iPhone, and you don’t have the same level of control you do with Android.

The filmmaker used an HTC One preloaded with a special type of app that would give him total remote control of the phone. He could also use it to spy on everything the thief did, provided there was an active internet connection at the time. He could take photos and record videos, enable the microphone of the device to snoop in on conversations, collect all location data, read all the text messages, access call history, check contacts, and see all the contents of the phone.

It all happened thanks to a spyware app installed on the device that the thief didn’t even know was there. van der Meer also blocked the phone’s ability to receive Android updates in order to make sure his malware app wasn’t wiped out by a knowledgeable thief.

 

NSA Intercepting Laptops & Installing Spyware

The NSA in connection with the FBI and CIA have been intercepting laptop shipments and installing spyware. According to a new report from Der Spiegel on the National Security Agency’s top team of hackers.  The TAO team are the hackers who can access anyone, anywhere, under any condition. TAO hackers can track your digital movements remotely by exploiting security flaws in an operating system, like Windows. When TAO can’t get through then the NSA goes old school. The agency’s most-skilled team of hackers does not always work from behind a computer screen. Occasionally a target must be physically intercepted before the NSA can access their information. Laptops ordered online are diverted to secret warehouses by the agents who in turn install software, repackaged and remailed. 

Delivery took  so long? You would have to be on NSA’s list for an interception.