Malicious Android App Makes Double Debut On Google Play

Open-source Android spyware has appeared twice on Google Play.

Research conducted by ESET discovered the first known instance of spyware based on the open-source espionage tool AhMyth lurking within a radio app available on Google Play. The app in question is Radio Balouch, detected as Android/Spy.Agent.AOX.

On the surface, Radio Balouch functions as an internet radio app dedicated to playing the music of the Baloch people, who inhabit Iran, Afghanistan and Pakistan. However, an investigation led by ESET researcher Lukas Stefanko found that the app had been created as a way to spy on people who downloaded it.

While listeners were enthralled by the sounds of the suroz and the benju, the spyware hidden in the app went to work stealing contact information and harvesting files stored on the affected devices.

ESET sent a report to Google detailing its discovery. Google’s security team removed the malicious Radio Balouch app within 24 hours, but 10 days later it had been re-posted on Google Play by the original developer.

Stefanko said: “We also detected and reported the second instance of this malware, which was then swiftly removed. However, the fact that Google let the same developer post this evident malware to the store repeatedly is disturbing.” 

The Radio Balouch app first appeared on Google Play on July 2. It returned on July 13 and was again swiftly removed. The app was installed by over 100 people each time it was posted on Google Play. 

Radio Balouch may be the first app containing open-source Android spyware to make it onto Google Play, but it’s unlikely to be the last. Judging from how easily the app returned to Google Play after being removed, Google may wish to put in place some more stringent security measures. 

“Unless Google improves its safeguarding capabilities, a new clone of Radio Balouch or any other derivative of AhMyth may soon appear on Google Play,” said Stefanko. 

Radio Balouch may have ended its brief fling with Google Play, but it is still available on alternative app stores. 

ESET stated: “It has been promoted on a dedicated website, via Instagram, and YouTube. We have reported the malicious nature of the campaign to the respective service providers, but received no response.” 
