08-13-2017 , 08:14 PM
Quote: Researchers from mobile security firm Lookout say they found at least three Android apps on the Google Play Store that contained a form of advanced spyware they believe was created by an Iraqi developer.
Experts say the malware author modified a version of the official Telegram app, injected the spyware code, rebranded it, and uploaded the modified app on the Play Store.
Three apps made it to the Play Store:
In total, the crook uploaded the app three times on the Play Store under the names Soniac, Hulk Messenger, and Troy Chat. Only Soniac was active on Google's app store when researchers first spotted the spyware, as the other two apps were already taken down, most likely by the developer himself.
At the time of writing, Lookout says they identified over 1,000 variations of this new spyware called SonicSpy, which they believe to be a new version of an older Android spyware named SpyNote.
Researchers believe the same developer created both spyware families. They base their theory on the fact that both apps used dynamic DNS services that ran on the non-standard port of 2222, and both were decompiled, injected with the malicious code, and recompiled with the same desktop utility, possibly part of a custom automated build system.