Jena – Google has undoubtedly done a lot for the security of its store and malicious apps in recent years. The Google Play Store is considered the most secure source for downloading Android apps. Users risk getting infected software there too – as happened in the case of the alleged radio streaming apps "Balouchi Music". ESET researchers have discovered the first known cases of spyware based on the open source spyware tool AhMyth. This special spy program adheres to an internet radio app for friends with specific Balochi music. Your espionage features can easily be linked to any other app.
Google removed the apps in question immediately after being notified by ESET. The event shows two things: First, even Google's security review process cannot guarantee 1
The Radio Balouch app deceives Google for the first time
The malicious feature of the Radio Balouch app is based on the end of 2017 widely available remote access tool AhMyth. Since then, ESET researchers have discovered various malicious apps based on it. However, Radio Balouch is the first of its kind that actually came to the Google Play Store.
ESET's mobile security solution for Android devices has been protecting its users from AhMyth and its variants since January 2017. ESET detects malicious software such as Android / Spy.Agent.AOX.
Features of the Radio Balouch app
The Spyware app runs on Android 4.2 and later. It allows cyber criminals to steal contact information and files from the smartphone, as well as send SMS messages from the compromised device. Theoretically, the app can also see the saved SMS. However, this only works for the standard SMS app because Google has previously adjusted the rights of Android devices.
Google responds quickly to ESET Note
In the Google Play Store, ESET discovered two different Radio Balouch Apps. Both were installed more than a hundred times each. The first app was reported by the security specialist to Google's security team on July 2, 2019. Within 24 hours, they removed the malicious application. The attackers have released the app back to Google Play for a short time. "We also discovered and reported the second app with this malicious software, which was quickly removed. The fact that the developers have twice succeeded in bringing the obvious malicious software back to Google Play is worrying," said Lukáš Štefanko, ESET malware researcher. (ESET / mc / ps)
For detailed information and graphics, visit ESET Securityblog WeLiveSecurity.de:??19459011achtehttps://www.welivesecurity.com/english/2019/08/22/android-spyware-google-Play Store /