Previously known open-source Android spyware makes its debut on Google Play

By: ESET Middle East
 
DUBAI INTERNET CITY, UAE - Aug. 26, 2019 - PRLog -- ESET researchers have discovered the first known instances of spyware based on the open-source espionage tool called AhMyth.

AhMyth, from which the internet radio app borrowed its malicious functionality, was made publicly available in late 2017. Since then, various malicious apps based on AhMyth have appeared. However, the above-mentioned app, named Radio Balouch, is the very first of them to make it onto the official Android app store, Google Play.

ESET Mobile Security for Android has protected against AhMyth and its derivatives since January 2017, even before AhMyth went public. "The malicious functionality in AhMyth is not hidden, protected, or obfuscated. For this reason, it is trivial to identify the Radio Balouch app – and other derivatives – as malicious and classify them as belonging to the AhMyth family," comments Lukáš Štefanko, malware researcher at ESET who conducted the investigation.

After ESET reported the discovery to Google, its security team removed the malicious Radio Balouch app from the store. The attackers, however, were quick to make the app reappear on Google Play.

Radio Balouch, detected by ESET as Android/Spy.Agent.AOX, has been promoted on a dedicated website, Instagram, and YouTube. After having been removed from Google Play, it is now only available on alternative app stores.

This app is a fully functional internet radio application for music specific to the Balochi region. In the background, however, it spies on its users: it can steal contacts and harvest files stored on the affected device.

According to ESET researchers, the repeated appearance of the malicious Radio Balouch app on the Google Play store should serve as a wake-up call to both the Google security team and Android users. "Unless Google improves its safeguarding capabilities, a new clone of Radio Balouch or any other derivative of AhMyth could again appear on Google Play," comments Lukáš Štefanko. "The key security imperative - to stick with official sources of apps- still holds; however, that alone can't guarantee security. We highly recommend users scrutinize every app they intend to install on their device and use a reputable mobile security solution," concludes ESET's Štefanko.

https://www.welivesecurity.com/ (https://www.welivesecurity.com/2019/08/22/first-spyware-a...)
End
Email:***@vistarmea.com Email Verified
Tags:Eset
Industry:Technology
Location:Dubai Internet City - Dubai - United Arab Emirates
Account Email Address Verified     Account Phone Number Verified     Disclaimer     Report Abuse



Like PRLog?
9K2K1K
Click to Share