2017-08-14

GREAT NEWS FROM THE WAR AGAINST VULNERABILITIES. Security firm Lookout has found a nasty-ass spyware family making a home for itself in the Google Play store, before the threat, known as SonicSpy, got its skanky butt kicked out.

That is a very brief description of the war that Lookout took part in, and we ought to give the company its platform, particularly as things prefixed by Sonic tend to be interesting. See hedgehogs for an example. Screwdrivers are another. And if Sonic is interesting, what about Spy? We are in safari suit-level Roger Moore territory here.

"Lookout Security Intelligence researchers discovered the spyware in Google Play and connected it to a known malicious actor potentially operating out of Iraq," said Michael Flossman, Security Research Services Tech Lead, in a blog post, or, if you like, as a hologram in the middle of a meeting of both virtual and meat-based important people.

"We have discovered over a thousand SonicSpy apps found live in the Google Play store."

Imagine the response. All non-Apple users will reach for their pockets and handguns and Flossman will raise his own hands in an indication that people need to cool down, and say, as he does in the blog: "Google has since removed the app… All Lookout customers are protected from this threat".

SonicSpy is a sneaky little menace with all the classic signs of a capable spyware app. Flossman said that while it would ape the behaviour of the messaging software that it was supposed to be, it was actually betraying its users on a massive scale.

"SonicSpy is a classic spyware app. Our analysis found the malicious app can: silently record audio; take photos with the camera; make outbound calls; send text messages to attacker-specified numbers; and retrieve call logs, contacts, and information about Wi-Fi access points. In fact, the malware has the ability to respond to over 73 different remote commands, meaning attackers can manipulate a victim's device from afar through a command and control server," he said.

"Once successfully on the device, it provides the victim the advertised messaging functionality while simultaneously stealing data, building a false sense of trust with the victim. This kind of functionality should be highly concerning to any party accessing sensitive information through mobile devices, including enterprises."
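For defenders vetting apps on managed devices, the capability list quoted above maps onto standard Android permissions. The following is an added example, not code from Lookout or from this article: it audits a decoded AndroidManifest.xml and marks a messaging app for manual review when it requests most of that set. The sample manifests, package names and the threshold of five are constructed assumptions, and a match is a reason to look closer, not proof of spyware.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Standard Android permissions that gate the capabilities named in the quote.
CAPABILITY_PERMISSIONS = {
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.CAMERA": "take photos",
    "android.permission.CALL_PHONE": "make outbound calls",
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.READ_CALL_LOG": "read call logs",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.ACCESS_WIFI_STATE": "read Wi-Fi access point info",
}


def sample_manifest(package, short_names):
    """Build a constructed, already-decoded manifest for the demo."""
    rows = "".join(
        f'<uses-permission android:name="android.permission.{name}"/>'
        for name in short_names
    )
    return (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        f'package="{package}">{rows}</manifest>'
    )


# Constructed inputs: hypothetical package names, not real apps.
SUSPECT = sample_manifest("com.example.chat", [
    "INTERNET", "RECORD_AUDIO", "CAMERA", "CALL_PHONE", "SEND_SMS",
    "READ_CALL_LOG", "READ_CONTACTS", "ACCESS_WIFI_STATE"])
BENIGN = sample_manifest("com.example.notes", ["INTERNET", "CAMERA", "READ_CONTACTS"])


def audit(manifest_xml, threshold=5):
    """Return the surveillance-relevant permissions an app requests.

    threshold is an assumed triage cut-off, not a published figure.
    """
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name")
                 for tag in ("uses-permission", "uses-permission-sdk-23")
                 for el in root.iter(tag)}
    matched = sorted(requested & CAPABILITY_PERMISSIONS.keys())
    hits = {perm: CAPABILITY_PERMISSIONS[perm] for perm in matched}
    return {"package": root.get("package"), "capabilities": hits,
            "review": len(hits) >= threshold}


if __name__ == "__main__":
    for doc in (SUSPECT, BENIGN):
        print(audit(doc))
```

Manifests inside an APK are stored as binary XML, so they need decoding with the usual Android tooling before this check can read them.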

We would break in here to add that this should just be "EVERYONE". But Lookout does have a point when it says that workers travelling on important trips use such apps for easy chats. When malware looks like cheap and cheerful chat it might be quite enticing to the tired and jetlagged worker.

"Enterprises often send employees overseas for conferences, customer meetings, etc and while traveling, employees use messaging apps to communicate with coworkers and family back home. Apps like SonicSpy capitalize on this by pretending to be trustworthy apps in well-known marketplaces," explained Flossman.

"It's clear that the malicious actor(s) behind SonicSpy wanted the app to persist on the victim's device, so they made sure to incorporate the functionality that the end user was expecting. Spoofing an encrypted communications app also shows the actor's interest in gathering sensitive information. Spyware causes serious data compromise."

It is also a huge P in the A. µ