SonicSpy malware has made it to the Play Store carried by thousands of apps, can use phone camera, microphone, and more

Viruses have been a nasty thing to deal with since the age of the first household PCs. However, malicious software that aims to let an attacker steal your data or hijack your device for their own purposes is downright dangerous, especially considering how much sensitive information we keep on our computers and phones nowadays.

We generally feel safe and secure when downloading apps from the Google Play Store or the Apple App Store, since both marketplaces have strict rules and monitoring of each new product. However, every once in a while, hackers manage to fool the system and cheat their way through, injecting a bunch of apps with their malicious software.

Right now, there is a malware called SonicSpy on the loose, hunting for Android devices. It has been reported that more than a thousand infected apps were detected, some of which were even on the Play Store.

The security experts over at Lookout have posted the latest on SonicSpy, its presence on the Play Store, and how it works. In every case, it seems, the malware was disguised as a chat app that was fully functional because it was, apparently, just a modified Telegram.

The blog post points towards three messengers that were found to be malicious — Soniac, Troy Chat, and Hulk Messenger. When the user downloads their app of choice, they actually download a mini installer. Once tapped, its icon disappears, the actual messenger is installed and takes the place of the old icon, and the malware hides itself in the background.

What can it do? It has full access to the camera and microphone, can make calls or send texts, and can retrieve call logs, contacts, and saved Wi-Fi access point information.

Scary stuff, right? The three apps were posted by the account “iraqwebservice” and are believed to actually originate from Iraq. Right now, however, the apps and the account are all gone. Still, it's reported that SonicSpy is still being developed, so just be careful which apps you download. No need to go for that shady-looking “Best camera Insta filters viewer likes guaranteed” app right now.
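For readers who review apps before installing them, the capability list above can be turned into a quick permission check. This is an added example, not code from Lookout or from this article: the capability-to-permission mapping, the `threshold` value and the two sample manifests are assumptions constructed for illustration, and the input is assumed to be a manifest already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capability named in the article -> Android permission that gates it.
# This mapping is the example's assumption, not taken from the Lookout report.
CAPABILITIES = {
    "camera": {"android.permission.CAMERA"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "make calls": {"android.permission.CALL_PHONE"},
    "send texts": {"android.permission.SEND_SMS"},
    "call logs": {"android.permission.READ_CALL_LOG"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "wi-fi info": {"android.permission.ACCESS_WIFI_STATE"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = {el.get(ANDROID_NS + "name") for t in tags for el in root.iter(t)}
    return names - {None}

def audit(manifest_xml, threshold=5):
    """List which article capabilities the app could exercise; flag broad sets."""
    perms = requested_permissions(manifest_xml)
    hits = sorted(cap for cap, needed in CAPABILITIES.items() if needed & perms)
    return {"capabilities": hits, "flagged": len(hits) >= threshold}

def _manifest(package, perms):
    # Builds a constructed, decoded-style AndroidManifest.xml for the demo.
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

# Constructed samples: a chat app requesting everything, and a torch app.
SAMPLE_CHAT = _manifest("com.example.chat",
                        [p for s in CAPABILITIES.values() for p in s])
SAMPLE_TORCH = _manifest("com.example.torch", ["android.permission.CAMERA"])

if __name__ == "__main__":
    for name, xml in (("chat", SAMPLE_CHAT), ("torch", SAMPLE_TORCH)):
        print(name, audit(xml))
```

A genuine messenger also asks for the camera, microphone and contacts, so a flag here is a prompt to look closer (for example at SMS, call and call-log access from a little-known publisher), not a verdict.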

source: Lookout



37. jonathanfiuwx

Posts: 184; Member since: Mar 10, 2017

not to sound paranoid but I did notice a lot of notifications with cerberus taking superuser when using my phone

32. domfonusr

Posts: 1106; Member since: Jan 17, 2014

I don't ever side-load apps from outside of Google Play Store, and even when I'm on the Play Store I don't download apps that look suspicious or have fewer than 500,000 downloads... of course, the problem is that you never really know, and you have to watch app permissions like a hawk. I do my best to manage apps safely, but it does irk me about the Play Store that things can get in and wreak havoc if somebody manages to slip something in, even under Google's watchful eye. No one is immune, of course, but somehow Apple manages to maintain the myth and appearance that this does not ever happen in their ecosystem.

31. Eraman

Posts: 164; Member since: Dec 13, 2015

That's why it's a good deal to have a BB10 smartphone in your pocket

14. collin3000

Posts: 70; Member since: Apr 28, 2015

So the lesson is don't download random apps and click all the buttons giving them tons of security permissions. Who that visits PA or any tech website actually does that? I feel like these types of articles should be more targeted at AARP magazine.

11. MattPerkins1

Posts: 94; Member since: Mar 25, 2017

You know I can understand experts recommending Windows over macOS and Linux but anyone recommending Android over iOS needs their head examined. I say this because Windows you can look past the malware because Windows has a simpler user interface than macOS and Linux but iOS has a simpler user interface than Android. Windows PCs are also more upgradeable than Macs thus the reason why it's preferred by gamers and businesses but neither iOS or Android can be upgraded without getting a new device thus ruining that advantage. Also the top Windows computers kill Macs on benchmarks but the iPhone kills Android phones on benchmarks. So in reality there's no reason to look past Android's malware and security issues. Besides most professionals like doctors and most governments prefer iOS because it's harder to hack and is easier to use.

20. cmdacos

Posts: 4429; Member since: Nov 01, 2016

And this above represents a typical iOS user? Lol no thanks. Shallow gene pools are not my thing.

21. LetsBeHonest

Posts: 1548; Member since: Jun 04, 2013

1) Lots of Choices for customers. 2) Cover all price groups. 3) Better customisability, widgets & skins. 4) More closer to a mini PC with better multi tasking and working file managers. 5) Lots of free stuffs in the store. 6) Open source system and custom ROMs for those who are interested in such stuffers. 7) Follow universal standards like USB type C. 8) Easy sharing of files and stuffs between phones and computers. I'm sure all these advantages are completely useless to you so need to bother giving a reply. Lol

25. jeroome86

Posts: 2314; Member since: Apr 12, 2012

You might get the attention of the Expert. Be warned.

26. Xilam unregistered

Matt, stop digging your own hole deeper. You're seriously in denial if you don't see any benefits of owning an android over iOS. I like iPhones, one of the best devices I ever owned was an iPhone - and I would like to own one again - but with ONLY flagships offered by Apple - is forced to resort to a much cheaper device that Apple doesn't care to build! Problem is these cheaper devices are really good today - they may not offer latest and greatest, but they're so much better than owning an older iPhone model. So shut the hell up - you don't know what you're talking about.

7. piyath

Posts: 2445; Member since: Mar 23, 2012

Android is a pile of garbage. All the viruses in the entire world come from Android

9. cmdacos

Posts: 4429; Member since: Nov 01, 2016

Do we need to post the many incidents of malware reaching the App store? Both are quick to react and correct.

24. LetsBeHonest

Posts: 1548; Member since: Jun 04, 2013

Even HIV? lol

6. NarutoKage14

Posts: 1355; Member since: Aug 31, 2016

How did "THOUSANDS OF APPS" become 3 apps?

10. cmdacos

Posts: 4429; Member since: Nov 01, 2016

Phonearena editing

30. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

Android hate from the IOS fanboys. Whatever gets clicks. Even if it means exaggerating the truth.

2. RebelwithoutaClue unregistered

A misleading title once more. Like stated in the article, only 3 apps have been found in the Playstore carrying this malware and they already have been removed by Google before Lookout made this announcement (although Lookout did report it first to Google)

5. Flash

Posts: 1972; Member since: May 19, 2017

Oh here we go with the denial. I think you are overlooking the fact that malware has once again made it to the play store, but you remain clueless as ever.

16. RebelwithoutaClue unregistered

I'm not denying a thing, if I would be denying I would be saying there wasn't any malware in the Playstore at all. But once again websites like PA blow it out of proportions. Yet you don't see them writing an article on for instance the trident vulnerabilities of iOS. Should Google ante up their malware scanning practices in the Playstore, yes they should. Will the current state affect millions of people and worry people, hardly. You just read what you want to read and remain ignorant as ever.

19. Xilam unregistered

Read the article Flash!

29. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

He didn't deny anything. Did you even read his post? "Like stated in the article, only 3 apps have been found in the Playstore carrying this malware and they already have been removed by Google" So right here he states in his own post about what was found, he never denied it was found. Jerk! Such apps appear on ALL platforms, even IOS where Apple claims to be more stringent vs Google. And yet it happens.

1. trojan_horse

Posts: 5868; Member since: May 06, 2016

Not trying to downplay this issue, but I've learnt that most spyware and viruses discovered by analysts and security firms are developed and put there by those very same security firms in the first place, so that they can be the first to discover a new virus, thus hyping up their reputation and drum up business. Just saying.

3. Settings

Posts: 2943; Member since: Jul 02, 2014

It's called business.

4. trojan_horse

Posts: 5868; Member since: May 06, 2016

Business as usual, brah!

27. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

Shouldn't it be illegal? Wait...isn't this equal to pharmaceuticals creating sicknesses, so they can make money off the cure? Oh and those sicknesses they cause? Are placed on the bottle as "side effects". Because if you have side effects, then what do you have to do? Buy more meds to counteract the side effects, in which those also can have side effects and it's simply a continuous loop that makes them money!

41. HansP

Posts: 542; Member since: Oct 16, 2011

Sounds like someone should stop reading medical advice from their Facebook feed.

43. Beijendorf unregistered

Short of antiemetics when using opioids, nobody in the medical field prescribes more drugs against side-effects. You're completely clueless how the field of medicine operates.

8. apple-rulz

Posts: 2198; Member since: Dec 27, 2016

Is that your thinly veiled way of saying Lookout infected the offending apps, as a means to drum up business? Pretty bold of you, considering you personally have zero way to back it up.

34. sgodsell

Posts: 7696; Member since: Mar 16, 2013

It's a shame these apps arrive on the app stores. Because indirectly it gives an OS a bad name. Yet at the end of the day the app cannot do anything to the users OS. Because the OS is still protecting the user. So it's really the people that allow that app on the store in the first place.
