Google refuses comment on 'aggressive deployment' of Android spyware app in Play store
Google has taken action to curb the spread of Android malware based on "SonicSpy," which, besides exfiltrating personal data from the phone, had the ability to silently record audio, take photos with the camera, make calls, and send text messages.

First spotted by security researchers at Lookout, the malware package had been "aggressively deployed" since February 2017, with several examples actually rolling out on the Google Play store. In each case, the apps masqueraded as cross-protocol messaging applications and installed as a custom version of the commonly used Telegraph.
Data that can be purloined from the phone also includes call logs, contacts, information about Wi-Fi access points, and any personal information retained on the phone. It is unknown whether the malware can examine other apps and retrieve stored passwords.
The researchers traced the malware back to Iraq. It is not known how many devices may have been infected by the latest malware.
Up to three instances of the malware were removed from Google Play after Google was notified of the problem -- one confirmed to be purged by Google, while the other two may have been removed by the posters themselves. Lookout claims that over a thousand versions of the apps survive elsewhere, and can be side-loaded onto devices by unwary users.
"The actors behind this family have shown that they're capable of getting their spyware into the official app store," wrote Lookout, "and as it's actively being developed, and its build process is automated, it's likely that SonicSpy will surface again in the future."
Multiple requests by press venues to comment on the malware have been met with silence.
Google announced in March that only 0.05 percent of Android users downloaded malware from Google Play in 2016. Out of 1.4 billion active devices, that means that 560,000 devices were infected from the official Google Play store alone, not even including side-loading infections.
Apple's last malware problem on iOS was when Chinese hackers distributed a compromised version of Xcode in September 2015. The distribution of the app resulted in 40 infected apps making it onto the App Store for a brief period of time -- and despite some initial confusion about it, all of them were just in the Chinese version of the App Store.

Comments
Paging Gatorguy for the unofficial Google response... and I do respect Gatorguy's intelligence.
On macOS you can close the garden gate or leave it open.
The attack surface area is greatly enlarged when you allow sideloading or use of unsigned apps.
But choice!
On your second point; since iPhones and Macs have very different use cases and user expectations, I'm not seeing your comment as relevant.
Because the desktop is a different animal, as the previous user said. On the desktop the choice is between risk and flexibility. Since most phones are not being used for software development or complex bulk file handling, then the choice is between security and insecurity.
Who should decide? Apple or the user? Especially when zero risk doesn't exist.
Currently the user cannot decide. There is no choice.
How that plays out would depend on many factors but having the option to decide for yourself and not someone deciding for you is the question.
There have been many cases of legitimate apps getting refused entry or told to modify functionality.
The AI article is correct AFAICT from my own reading: Approximately .05% of Android devices had installed potentially harmful apps via Google Play in 2016 (A rooting app that someone intentionally and knowingly installs is still counted as potentially harmful as far as Google is concerned and part of that 500K).
So it is highly unlikely you or anyone you know or even anyone "your friend" knows would be negatively impacted by it. Not anything worth worrying about IMHO. A stray bullet is probably as likely to harm you. Note that most Play Store malware was found in the Russian and certain South American Play Stores (i.e. Brazil) so perhaps those folks should be a bit more cautious. In the Americas it's generally a non-issue as I read it.
And yes it is technically accurate to describe the three apps that existed on Google Play for a short time as "several". It does make it sound more onerous.
Why are you even arguing this, other than because you have a handful of poo that you need to fling somewhere?
Everyone is invited; some people just chose not to join in. It's just the cover fee at the door. When you do not have the place to set up a party and cannot handle the total number of people you would like to party with, then you have to play in someone else's garden and help to cover the costs. Everyone is invited, as long as you are willing to pay the cover fee.
Look, anyone can set up their own gardens and invite everyone they would like to come and play in their garden, but when you do not have the means or the money for your own garden you have to play by the rules of other people's garden.
Everyone wants the benefits of selling to customers Apple cultivated, but they do not want to cover some of the costs to cultivate those customers. Apple has all the infrastructure and carries lots of the liability, none of which the developers have to deal with.
Get it right, fix, diagnose, or otherwise note that you are working on it, but don't misinform.
I'm also not seeing any difference in the way Google and Apple handle these "events".
Rewind to the post I commented on.
First it was 0.05% and it was a number Google put out, and others assumed the numerator and denominator behind that statistic. Google never said what that % meant or the numbers behind the %; it could be as simple as that was the % of those who installed those specific apps, but there could be other apps with the same issue which Google is not adding into the numbers.
You know, MS used to say the same things, that very few people were ever actually infected, then all of a sudden computers are being taken over and held for ransom. You do not need to hit them all, just the right ones which allow the thieves to make money.
Apple has been historically very protective of its own offerings to the point of not letting competitors encroach on certain areas.
Allowing other App Stores to operate on iOS hardware, however unlikely that is, would represent a true change in attitude. While that isn't an option, there is no real choice.
That said, I think the current model won't last forever.