ESET researchers have discovered the first known spyware built on the foundations of the AhMyth open-source malware that has circumvented Google's app-vetting process.

The malicious app, called Radio Balouch aka RB Music, is actually a fully working streaming radio app for Balouchi music enthusiasts, except that it comes with a major sting in its tail: it steals the personal data of its users. The app snuck into the official Android app store twice, but was swiftly removed by Google both times after we alerted the company to it.

AhMyth, the open-source Remote Access Tool from which the Radio Balouch app borrowed its malicious functionality, was made publicly available in late 2017. Since then, we have witnessed various malicious apps based on it; however, the Radio Balouch app is the very first of them to appear on the official Android app store.

ESET's mobile security solution has been protecting users from AhMyth and its derivatives since January 2017, even before AhMyth went public. As the malicious functionality in AhMyth is not hidden, protected or obfuscated, it is trivial to identify the Radio Balouch app, and other derivatives, as malicious and to classify them as belonging to the AhMyth family.

Radio Balouch is a fully working streaming radio app for music specific to the Balouchi region (for the sake of consistency, we follow the spelling used in the campaign; the most common transcriptions are "Balochi" or "Baluchi"). In the background, however, the app spies on its victims.

On Google Play, we discovered different versions of the malicious Radio Balouch app twice, and in each case the app had 100+ installs. We reported the first appearance of this app on the official Android store to the Google security team on July 2nd, 2019, and it was removed within 24 hours. The malicious Radio Balouch app reappeared on Google Play on July 13th, 2019. This one, too, was immediately reported by ESET and swiftly removed by Google.

Besides Google Play, the malware, detected by ESET as Android/, has been available on alternative app stores. Additionally, it has been promoted on a dedicated website, via Instagram, and on YouTube. We have reported the malicious nature of the campaign to the respective service providers, but received no response.

Figure 2. The Radio Balouch website (left), Instagram account (center) and promotional YouTube video (right)

Functionality

The malicious Radio Balouch app works on Android 4.2 and above. Its internet radio functionality is bundled with the functionality of AhMyth into one malicious app.

After installation, the internet radio component is fully functional, playing a stream of Balouchi music. However, the added malicious functionality enables the app to steal contacts, harvest files stored on the device and send SMS messages from the affected device.

Functionality for stealing SMS messages stored on the device is also present. However, this functionality cannot be used, since Google's recent restrictions only allow the default SMS app to access those messages.

As AhMyth has more variants whose functionalities vary, the Radio Balouch app and any other malware based on this open-source espionage tool might gain further functions in the future via an update.

After launch, users choose their preferred language (English or Farsi); in the next step, the app starts requesting permissions.
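The observation above, that AhMyth's functionality is unobfuscated and that a radio player has no business requesting contact, storage and SMS permissions, can be turned into a static triage check on an APK's decoded manifest. The script below is an added example written for this page; it is not ESET's detection logic and not AhMyth's or Radio Balouch's code, and the two manifests it parses are constructed for the example rather than extracted from any real sample (the RECEIVE_BOOT_COMPLETED permission in the second one is there only to exercise the "unexpected permission" path). It also encodes the caveat from the Functionality section: READ_SMS only yields the inbox to the default SMS app, and an app that does not register the components a default SMS handler needs (here checked via a receiver for android.provider.Telephony.SMS_DELIVER) cannot become one, so the permission is requested but unusable.

```python
"""Static triage of a decoded AndroidManifest.xml for AhMyth-style data theft.

Added example for this page, not ESET's tooling or the malware's own code.
The manifests at the bottom are constructed for the example.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission -> capability, matching the behaviours the write-up attributes
# to the trojanized app (contacts, files, sending SMS, reading stored SMS).
SPY_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "steal contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "harvest files on the device",
    "android.permission.SEND_SMS": "send SMS from the device",
    "android.permission.READ_SMS": "read stored SMS (default SMS app only)",
}

# Permissions a plain streaming-radio app plausibly needs; anything outside
# this set and outside SPY_PERMISSIONS is reported as unexpected.
RADIO_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.WAKE_LOCK",
}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def can_be_default_sms_app(manifest_xml):
    """True if the manifest registers a receiver for SMS_DELIVER, one of the
    components Android requires before an app can be chosen as the default SMS
    handler. Without it, READ_SMS never grants inbox access under Google's
    SMS/Call Log policy, which is exactly why the stolen-SMS feature is dead."""
    root = ET.fromstring(manifest_xml)
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            if action.get(ANDROID_NS + "name") == "android.provider.Telephony.SMS_DELIVER":
                return True
    return False


def triage(manifest_xml):
    """Map requested permissions to spy capabilities and produce a verdict."""
    perms = requested_permissions(manifest_xml)
    capabilities = sorted(SPY_PERMISSIONS[p] for p in perms if p in SPY_PERMISSIONS)
    unexpected = sorted(perms - RADIO_BASELINE - set(SPY_PERMISSIONS))
    sms_read_usable = ("android.permission.READ_SMS" in perms
                       and can_be_default_sms_app(manifest_xml))
    return {
        "capabilities": capabilities,
        "unexpected_permissions": unexpected,
        "sms_read_usable": sms_read_usable,
        "verdict": "suspicious" if capabilities else "clean",
    }


# Constructed manifest of a benign radio player (not a real app's manifest).
BENIGN_RADIO_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.radio">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <application android:label="Radio">
        <service android:name=".StreamService"/>
    </application>
</manifest>"""

# Constructed manifest of the same player with AhMyth-style permissions bolted
# on; RECEIVE_BOOT_COMPLETED is included only to exercise the unexpected path.
TROJANIZED_RADIO_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.radio">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Radio">
        <service android:name=".StreamService"/>
        <service android:name=".MainService"/>
    </application>
</manifest>"""


if __name__ == "__main__":
    for label, manifest in (("benign", BENIGN_RADIO_MANIFEST),
                            ("trojanized", TROJANIZED_RADIO_MANIFEST)):
        print(label, triage(manifest))
```

Run it against the output of a manifest decoder (for example apktool's decoded AndroidManifest.xml) rather than the binary manifest inside the APK; the script deliberately ignores code and strings, so it classifies on declared capability alone, which is sufficient here precisely because AhMyth derivatives make no attempt to hide what they request.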