Apps
Over Thousand Apps Infected with Spyware, Some in Google Play
Lookout researchers have identified over a thousand spyware apps related to a threat actor likely based in Iraq. Belonging to the family “SonicSpy,” these samples have been aggressively deployed since February 2017, with several making their way onto the Google Play Store. Google removed at least one of the apps after Lookout alerted the company.
We discovered this threat after the Lookout Security Cloud analysis stack identified the spyware capabilities, flagging the app to our research team for manual review. All Lookout customers are protected from this threat.
What it does
The sample of SonicSpy most recently found on the Play Store, called Soniac, is marketed as a messaging app. While Soniac does provide this functionality through a customized version of the communications app Telegram, it also contains malicious capabilities that provide an attacker with significant control over a target device.
This includes the ability to silently record audio, take photos with the camera, make outbound calls, send text messages to attacker-specified numbers, and retrieve information such as call logs, contacts, and details of Wi-Fi access points.
The overall SonicSpy family supports 73 different remote instructions, including those seen in the Soniac instance.
Upon first execution, SonicSpy removes its launcher icon to hide itself from the victim, establishes a connection to C2 infrastructure (arshad93.ddns[.]net:2222), and attempts to install its own custom version of Telegram, which is stored in the res/raw directory and titled su.apk.
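For defenders triaging suspect APKs, the two static artifacts named above (a nested APK under res/raw and the C2 hostname) can be checked without running the app. This is an added example, not Lookout's tooling; the function names and both samples are constructed for illustration, and it assumes the hostname is stored unobfuscated in the dex file.

```python
import io
import zipfile

# Indicator from the article, stored defanged and re-fanged only for matching.
C2_HOST = "arshad93.ddns[.]net".replace("[.]", ".").encode()
ZIP_MAGIC = b"PK\x03\x04"  # local file header that starts every APK/ZIP


def triage_apk(apk_bytes):
    """Return (finding, entry_name) tuples for one APK supplied as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            data = apk.read(info.filename)
            # A nested archive under res/raw matches the su.apk staging the
            # article describes; magic bytes catch it even if it is renamed.
            if info.filename.startswith("res/raw/") and data.startswith(ZIP_MAGIC):
                findings.append(("embedded-apk", info.filename))
            # Dex string data stores ASCII constants as plain bytes, so an
            # unobfuscated hostname is found by a byte search.
            if info.filename.endswith(".dex") and C2_HOST in data:
                findings.append(("c2-host", info.filename))
    return findings


def make_zip(entries):
    """Build an in-memory ZIP from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed samples (not real malware): a stand-in dex blob and a nested ZIP.
SUSPECT = make_zip({
    "classes.dex": b"dex\n035\x00...." + C2_HOST + b"\x00",
    "res/raw/su.apk": make_zip({"AndroidManifest.xml": b"<manifest/>"}),
})
CLEAN = make_zip({
    "classes.dex": b"dex\n035\x00no indicators here",
    "res/raw/notification.ogg": b"OggS\x00",
})

if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(label, triage_apk(sample))
```

A nested APK alone is not proof of malice, so treat a hit as a reason for manual review rather than a verdict.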
Determining the functionality
Testing SonicSpy’s malicious functionality was relatively straightforward because of how client-server communication has been implemented; it can be quickly confirmed via DNS poisoning and running netcat.
Running netcat on port 2222, with the DNS record for arshad93.ddns[.]net locally poisoned, allows us to interact directly with an infected device. Via the A0 command it is possible to retrieve basic device information, followed by call logs (A1), Wi-Fi access points (A7), and clipboard data (A20), then to record surrounding audio (A29), before stopping the recording and retrieving the audio as base64-encoded data (A30).
Potential attribution
Analysed samples were found to contain many similarities to SpyNote, another malware family that was first reported on in mid-2016. There are many indicators that suggest the same actor is behind the development of both. For example, both families share code similarities, regularly make use of dynamic DNS services, and run on the non-standard port 2222.
In the case of SpyNote, the attacker used a custom-built desktop application to inject malicious code into specific apps so that a victim could still interact with the legitimate functionality of the trojanized apps. Given the steady stream of SonicSpy apps, it seems likely that the actors behind it are using a similar automated build process; however, their desktop tooling has not been recovered at this point in time.
The account behind Soniac, iraqwebservice, has also previously posted two other SonicSpy samples to the Play Store, although both samples are no longer live. It’s unclear whether they were removed as a direct result of Google taking action or if the actor behind SonicSpy removed them in order to evade detection for as long as possible. Cached Play Store pages of these apps, Hulk Messenger and Troy Chat, confirm they were once live and our analysis found they contained the same functionality as other SonicSpy samples.
Cached web content of Hulk Messenger and Troy Chat, which were also live on the Play Store.
Anyone accessing sensitive information on their mobile device should be concerned about SonicSpy. The actors behind this family have shown that they’re capable of getting their spyware into the official app store, and because it is actively being developed and its build process is automated, it’s likely that SonicSpy will surface again in the future.
Apps
Google Maps Integrates Waze Incident Reports for Enhanced Navigation
Google Maps has started to display Waze incident reports during navigation, allowing users to contribute by confirming road conditions via prompts. This integration follows Google’s July announcement that both apps would share more data, including Waze-sourced road closures, construction updates, speed cameras, and police presence information.
Over the holiday weekend, a Reddit user shared a screenshot of a prompt indicating “Police reported ahead” based on Waze driver reports, as reported by 9to5Google and Android Authority. Users can update these reports to reflect current conditions, similar to other incident notifications in Google Maps.
This is the first confirmed sighting of the feature in action, but more reports are expected. Despite merging the teams behind Maps and Waze, Group Project Manager Can Comertoglu told The Verge that the apps will continue to operate separately. Waze’s 500,000-plus contributors prefer some features of Waze over Google Maps, and vice versa.
This new feature enhances Google Maps’ functionality by leveraging Waze’s real-time incident reporting, providing users with more comprehensive and up-to-date information on their routes.
Apps
Yango Maps Launches Live Public Bus and Marine Transport Tracking in Dubai
Yango Maps, the popular navigation app, has introduced a significant upgrade for Dubai users. The app now offers real-time tracking of public buses and marine transport, providing a more efficient and convenient commuting experience.
Thanks to the Roads and Transport Authority (RTA)’s open data policy, Yango Maps can now display accurate and up-to-date locations of public transportation vehicles. By switching to the “Transport” tab, users can easily view the real-time movement of buses and ferries on the map.
The app also allows users to search for specific bus numbers and view their routes, stops, and estimated arrival times. This feature is particularly useful during peak hours or in extreme weather conditions, as it helps users plan their journeys efficiently and avoid unnecessary waiting.
Yango Maps continues to evolve with innovative features that aim to simplify urban navigation. By incorporating real-time public transport data, the app empowers users to make informed decisions and optimize their daily commutes.
Apps
PetWatch App Launches in the UAE
Today marks the official launch of PetWatch, a revolutionary app designed to cater to the soaring number of pet owners in the UAE. As pet ownership has surged by 25% in the last five years, PetWatch emerges as a solution to the growing demand for reliable pet care. By connecting pet owners with certified sitters, PetWatch fosters a community-driven approach to ensure the well-being of furry friends.
A recent PetWatch survey underscored the concerns of pet owners, with over 68% expressing doubts about the reliability of pet sitters. To address these concerns, PetWatch has implemented a stringent vetting process for all sitters on its platform. Each sitter undergoes rigorous training and certification to guarantee they meet the highest standards of pet care, providing pet owners with peace of mind.
“PetWatch was created out of a genuine need among pet owners. We understand the worries that arise when leaving a beloved pet behind,” said Monja Madan, Founder of PetWatch. “Our platform connects pet owners with trusted sitters and builds a community where pets are cherished as family. With love, trust, and safety at its core, we strongly believe PetWatch app will reform pet care in the UAE.”
PetWatch stands out with its commitment to quality and community. Here’s why:
- Certified Caregivers: Every PetWatch sitter completes our rigorous training program, ensuring they have the skills to provide exceptional pet care.
- Thorough Vetting: Our team personally verifies each sitter, including ID checks and in-person meetings, building trust between owners and sitters.
- Continuous Learning: Our sitters learn from professional vets and dog trainers, gaining hands-on experience and preparing them for any pet situation.
- Dedicated Support: PetWatch offers daily customer support, providing owners and sitters with expert advice and resources.
Other features include:
- Personalized Profiles: Create detailed profiles for your pet and sitter to find the perfect match.
- Vaccination Management: Track vaccination records and receive reminders for upcoming shots.
- In-App Communication: Chat, share photos, and stay connected with your sitter.
- GPS Tracking: Monitor your pet’s location for added peace of mind.
- Comprehensive Checklist: Ensure all pet care needs are met with customizable checklists.
- Easy Payments: Handle transactions seamlessly within the app.
PetWatch addresses common concerns like trust and time constraints. By connecting owners with certified sitters, offering personalized features, and fostering a supportive community, PetWatch ensures your furry friend is always in the best hands. “By combining certified expertise with robust community engagement, PetWatch empowers pet owners and sitters alike,” added Madan. “PetWatch represents more than just a platform; it’s a movement toward a better way to care for our pets.”
To further enhance the pet care experience, PetWatch is expanding its platform to include health-tracking tools and educational resources. This will empower pet owners with valuable information about their pet’s health and behaviour.