Researchers at the security firm Lookout have identified a family of malicious smartphone apps, referred to as SonicSpy. At least three versions of the malware, which is able to remotely control infected phones, made it onto Google’s Play store.
Anyone who installs the compromised apps will find they have full messaging functionality. But in the background, according to Lookout, the apps are able to hijack a variety of basic phone functions. That includes making outbound calls, sending text messages, and harvesting call logs, contacts, and Wi-Fi data.
According to Lookout, a developer, possibly based in Iraq, built over a thousand malicious messaging apps by weaving spy functions into the public source code for a legitimate (and quite popular) messenger app called Telegram. The developer rebranded the resulting apps with names including Soniac, Hulk Messenger, and (in an apparent bit of humor) Troy Chat. Those three were actually successfully listed on Google Play (googl, -1.69%), though they’ve since been pulled.