Researchers Discover Spyware-Laden Telegram Android App Clones

The Android ecosystem has been targeted often by cybercriminals these past few months. Dozens of applications have been removed from the Google Play Store due to malicious code. It now appears a whole new batch of spyware-laden Android apps have been discovered. At least three problematic apps were identified, although there may be more creations still out there from the same nefarious developer.

Yet Another Major Concern for Android Users

Relying on an Android smartphone is slowly becoming  a security risk. Although the platform is far more open compared to iOS, that is one of its weak points. Anyone can build applications for Android and have them vetted by the Google Play Store team. However, it seems the chance of malicious apps slipping through have increased due to the vast amount of new software submitted for review every single week.

Indeed, there is no other explanation as to why three more apps containing spyware have been identified in the Google Play Store. Lookout, a renowned security firm, identified these programs last week, claiming that all three contain an advanced form of spyware. It is believed these apps were created by an Iraqi coder, although that has yet to be officially confirmed.

To create these apps, the author simply modified the Telegram application and injected spyware code. The app was then rebranded and uploaded to the Play Store under new names. They are known as Soniac, Hulk Messenger, and Troy Chat. Other clones may be out there as well, for all we know, and the instant messaging application market may see similar threats in the future.

It is not entirely surprising that Lookout has successfully identified these apps at this time. The company has been going through a long list of Android apps in search of the SonicSpy spyware tool. This appears to be the updated version of SpyNote, another type of Android spyware which made the rounds a few years ago. It is possible the same person is responsible for both types of malware as well as the recently discovered apps in the Google Play Store.

What makes SonicSpy so frightening and troublesome is the fact that it comes packed with myriad “features”. It is more than capable of recording audio, taking photos, making outbound calls, or sending SMS messages. All of those activities are quite worrisome, especially when they affect one’s personal device. The software also enables the transmission of certain data when connected through WiFi access points, although it is unclear if this is a way to communicate with a centralized command & control server.

Even though SonicSpy packs in a ton of dangerous features, it is completely harmless unless an Android user were to grant it the appropriate privileges. After installing any of the three aforementioned apps, the user is asked to grant permissions to the application in question. Doing so opens up one’s device to all of this spyware’s tricks, which could have dire consequences. Happily, all three apps have now been removed from the Play Store.