Cyber-security researchers warn of messenger apps with spy software

SophosLabs researchers have found three dangerous apps on Google Play

Sonic-spy infused apps have the ability to record audio, take photos with the device’s camera, make calls, send text messages and retrieve data from contacts and call logs. Photograph: iStock
Sonic-spy infused apps have the ability to record audio, take photos with the device’s camera, make calls, send text messages and retrieve data from contacts and call logs. Photograph: iStock

Cyber-security researchers have warned against using certain phone messenger applications because they have the capability to steal data from the devices they infect.

The researchers from SophosLabs, an IT security product company, have identified three cases of "'sonic-spy" infused apps in Google Play, the official app store for Android devices.

According to Bill Brenner from Sophos, sonic-spy infused apps have the ability to record audio, take photos with the device's camera, make calls, send text messages, and retrieve data from contacts and call logs.

Identified apps

Mr Brenner identified the apps that can hide their spying functionality as Soniac, Hulk Messenger, and Troy Chat. It is understood that Google removed the apps from its store after they were discovered.

READ SOME MORE

"Google gets criticism when these things are found on Google Play but when they are found they generally take them down. They try to screen as much of this stuff as possible, but it's difficult," Mr Brenner told The Irish Times.

Asked how consumers come across this sort of app in the first place, Mr Brenner said: “When a person is downloading an app that turns out to be malicious, almost never are they aware that it’s malicious. Maybe they find an app that looks like a WhatsApp type of programme and they decide that they want it, or they find an app that looks like a good delivery conduit for music . . . and its typically unbeknownst to the user that there’s code baked into some of these apps that allow the bad guys to go through their contacts, get access to their camera, go through their text messages and ultimately getting into banking apps.”

Sonic-spy apps

Added to the three apps identified on Google’s platform, SophosLabs counted 3,240 sonic-spy apps in total, while some reports put the number as high as 4,000. “The average Android user isn’t going to know what techniques the malware used to reach their device’s doorstep, but they can do much to keep it from getting in,” Mr Brenner said.

He advised users to stick to Google Play, avoid apps with a poor reputation, and ensure the software on your phone is as up-to-date as possible.

Asked whether users of Apple's IOS system could be affected by similar apps, Mr Brenner said that while there is malware designed to affect Apple users, it's a lot harder to get apps into its app store than it is with Google.

Peter Hamilton

Peter Hamilton

Peter Hamilton is a contributor to The Irish Times specialising in business