Open-source spyware bypasses Google Play defenses — twice


Google Play Store continues to attract sketchy Android apps despite its best efforts to vet incoming apps for malware.

In a new report published by security firm ESET, researchers have documented the first known instance of open-source spyware bypassing the internet giant’s app store vetting process — twice.

Radio Balouch — the app in question — is a legitimate radio app serving Balouchi music enthusiasts, except that it also included AhMyth, a remote access espionage tool that has been available on GitHub as an open-source project since late 2017.

Lukas Stefanko, ESET researcher who uncovered the campaign, said the app was uploaded twice on Google Play — once on July 2 and a second time on July 13 — and that Google swiftly removed them within 24 hours upon being alerted by the security team. It continues to be available on third-party app stores.

While the service’s dedicated website “radiobalouch.com” is no longer accessible, the attackers also seem to have promoted the app on Instagram and YouTube. The app, in total, attracted over 100 installs.

Upon launch, the app was found to ask for permission to access the device’s files and contacts, and to “send information it has gathered about its victims — notably information about the compromised devices, and the victims’ contacts lists” to a C&C server hosted at the now-defunct radiobalouch.com domain.

Worse, the information was transmitted unencrypted over an HTTP connection. That spyware built on an open-source malware project made it onto the store is alarming enough, but the fact that the same app got past Google’s defenses twice is a real cause for concern.
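The two traits described above, an entertainment app requesting contact and file access alongside network access, and data leaving the device over plain HTTP, are both visible in an APK's manifest before the app is ever run. The following triage script is an added example and is not code from ESET or the article; the manifest it parses is a constructed sample, not the real Radio Balouch manifest, and the list of "sensitive" permissions is an assumed baseline for what a radio app should not need.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest for illustration; NOT the Radio Balouch app's manifest.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.radio.sample">
    <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="27"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <application android:label="Sample Radio" android:usesCleartextTraffic="true">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""

# Assumed baseline: permissions a streaming-radio app has no obvious need for,
# mapped to the kind of data each one exposes.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "contacts list",
    "android.permission.READ_EXTERNAL_STORAGE": "device files",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_CALL_LOG": "call log",
}


def _attr(elem, name):
    """Read an attribute from the android: namespace."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def cleartext_allowed(root) -> bool:
    """Decide whether the app may talk plain HTTP.

    An explicit usesCleartextTraffic attribute wins; otherwise fall back to the
    platform default, which permits cleartext when targetSdkVersion < 28.
    """
    app = root.find("application")
    explicit = None if app is None else _attr(app, "usesCleartextTraffic")
    if explicit is not None:
        return explicit.lower() == "true"
    sdk = root.find("uses-sdk")
    target = int(_attr(sdk, "targetSdkVersion") or 1) if sdk is not None else 1
    return target < 28


def audit_manifest(manifest_xml: str) -> dict:
    """Flag the permission/network combination the article describes."""
    root = ET.fromstring(manifest_xml)
    perms = {_attr(p, "name") for p in root.iter("uses-permission")}
    sensitive = sorted(p for p in perms if p in SENSITIVE_PERMISSIONS)
    cleartext = cleartext_allowed(root)

    findings = []
    if "android.permission.INTERNET" in perms and sensitive:
        exposed = ", ".join(SENSITIVE_PERMISSIONS[p] for p in sensitive)
        findings.append(f"network access combined with sensitive data access: {exposed}")
    if cleartext:
        findings.append("cleartext traffic allowed: collected data could leave the device over plain HTTP")

    return {
        "permissions": sorted(perms),
        "sensitive": sensitive,
        "cleartext_allowed": cleartext,
        "findings": findings,
    }


if __name__ == "__main__":
    for line in audit_manifest(SAMPLE_MANIFEST)["findings"]:
        print("FINDING:", line)
```

Run it against a manifest extracted from an APK (for example with apktool) to get a quick first pass; a clean result is not proof of safety, since a network_security_config resource can re-enable cleartext for specific domains and runtime behaviour still needs dynamic analysis, but both findings above would have fired on an app matching the description in this report.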

Not only does it raise questions about Google’s supposed vetting process, it leaves unsuspecting users at risk of getting their data hijacked by malicious actors.

Still, the same rule of caution applies. It’s always best to keep your phone’s software up to date, refrain from downloading apps from unknown sources, and be cautious of the permissions requested by apps.

“While the key security imperative ‘Stick with official sources of apps’ still holds, it alone can’t guarantee security,” Stefanko said. “It is highly recommended that users scrutinize every app they intend to install on their devices.”


Read more here: The Next Web
