+1 (323) 990-2722 [email protected]

forenzy-logo

Offensive Security. Continuous Protection.

 

Contact Info

[email protected]

United States +1 (323) 990-2722

India +91-81411-97000

United Kingdom +44 7868 234600

Learn More

Follow Us

Defend Your Device: How to Stay Safe from Android Malware Threats like SonicSpy”

b1
Forenzy Security Team July 29, 2021 0 Comments

SonicSpy Spyware

Android malware SonicSpy has been spotted in wild on the Official Google Play Store. Researchers reported 1000+ apps being hosted by the same Iraqi Developer. It has been aggressively deployed on Play Store since Feb 2017.

Things to Know About SonicSpy

SonicSpy, The android malware was providing surface to its developer to steal various sensitive user information such as call logs, reading about Wifi Access points, contacts etc.

It was also helping intruder to remotely perform various spy operations such as Making outbound calls, Send Text Messages, Silently Recording Audio by enabling Microphone etc.

How does SonicSpy works?

SonicSpy uses Command and Control mechanism to take over victim’s android phone. Google Bouncer, The Official Google Play Service was failed to detect these spywares. SonicSpy malware family support more than 60 different remote instructions responsible for performing various spy activities like enabling camera, taking picture, recording audio etc.

Forenzy's Android Incident Response Team has done detailed analysis on "SonicSpy" Android Spyware. The facts and analysis are as per following:

1. Analysis of package “sys.arshad.sys” (One of the App with “SonicSpy” Spyware)

Permissions required by Malicious App “sys.arshad.sys”

b3step1
2.The developer signature and C&C (Command and Control) URL was observed to arshad93.ddns[dot]net. The port used to spawn the shell was observed to 2222. The attacker seems to be using Dynamic DNS services to constantly change IP of C&C server.

Following analysis shows use of Dynamic DNS services to load C&C instructions

b3step2

How to protect against SonicSpy?

Google has removed all malicious apps which were owned by SonicSpy developers. In order to be safe against these attacks, be careful while downloading apps. Don’t install apps from third-party websites except Play Store, The Official Google’s App Store. Run malware scans regularly on your Android phones. For any further queries, feel free to reach us via our contact-us page.

Forenzy Security Team

The Forenzy Security Team publishes research on penetration testing, threat intelligence, CVE analysis, and enterprise cybersecurity best practices.

Leave Comment

©2024 Forenzy Networks Private Limited. All rights reserved.