A spy app has managed to circumvent the Google Play Store verification process twice, according to information released by cybersecurity company ESET last Thursday (22). The spyware, known as RB Music or Radio Balouch, offered radio streaming to fans of a Pakistani music genre to hide its malicious intent and steal personal data from Android users.
The streaming app is based on the open source spy tool AhMyth, made publicly available at the end of 2017. Although several malicious applications had already been built from the malware, RB Music was the first to enter the Play Store.
RB Music spyware appeared twice on the Google Play Store (Photo: Press handout / ESET)
According to Lukas Stefanko, the researcher who discovered the spyware, Radio Balouch was uploaded twice to the search giant's app store, on July 2 and 13, and claimed more than 200 victims each time. In both cases, ESET alerted Google, which removed the app within 24 hours. However, RB Music is still available from third-party app stores.
After installation, the spyware asked for permission to access the device's files and contacts and sent information about the victims to a command and control server. The data was transmitted over an HTTP connection without any kind of encryption.
Stefanko believes that unless Google improves its protection tools, new copies of RB Music or any other AhMyth-derived application may appear in the Play Store. "Although the 'use only apps from official sources' imperative is still valid, it alone is not able to guarantee security," warns the ESET researcher. "It is highly recommended that users examine all apps they intend to install on their devices and use a reliable mobile security solution."
Note that Google has been trying to improve its application approval process to avoid such problems. The company releases quarterly safety reports (https://transparencyreport.google/android-security/overview) and removes harmful apps through Google Play Protect.