Researchers at the security firm Lookout have identified a family of malicious smartphone apps, referred to as SonicSpy. At least three versions of the malware, which is able to remotely control infected phones, made it onto Google’s Play store.
Anyone who installs the compromised apps will find they have full messaging functionality. But in the background, according to Lookout, the apps are able to hijack a variety of basic phone functions. That includes making outbound calls, sending text messages, and harvesting call logs, contacts, and Wi-Fi data.
According to Lookout, a developer, possibly based in Iraq, built over a thousand malicious messaging apps by weaving spy functions into the public source code for a legitimate (and quite popular) messenger app called Telegram. The developer rebranded the resulting apps with names including Soniac, Hulk Messenger, and (in an apparent bit of humor) Troy Chat. Those three were actually successfully listed on Google Play, though they’ve since been pulled.
In an email to Ars Technica, Lookout researcher Michael Flossman said that the apps might also be distributed through direct phishing texts with download links, or through non-Google app markets. For instance, there’s still a listing for Soniac on a site called App Geyser.
“The actors behind this family have shown that they’re capable of getting their spyware into the official app store,” Lookout writes, “and its build process is automated.” That suggests similar deceptive apps could make it into the Play Store again.
The use of stealthy Android applications to spread malware is becoming increasingly common and sophisticated. While the SonicSpy trojanware looks fairly low-rent, researchers in May uncovered malware being distributed through the fairly polished and popular “Judy” series of cooking and lifestyle games, which had also outsmarted Google’s screening process.
According to Lookout, as many as 47 out of 1,000 Android devices have “encountered an app-based threat.”