Open-source spyware makes it on the Google Play Store

silversurfer

The Android app that did this is called Radio Balouch, also RB Music, an app for streaming Balouchi music, specific to a geographical region and population that spreads across Iran, Afghanistan, and Pakistan.

Cyber-security firm ESET said this app, besides containing a legitimate radio streaming component, also integrated AhMyth, a remote access tool that has been available on GitHub as an open source project for more than two years.

In a technical report published today detailing Radio Balouch's features, ESET said this was the first known instance of a malicious app based on AhMyth reaching the Play Store, something which should have never happened due to AhMyth's age and availability as an open source project that the Play Store security team should have known about.

"The malicious functionality in AhMyth is not hidden, protected, or obfuscated," said Lukáš Štefanko, malware researcher at ESET, who conducted the investigation into the malicious app. "For this reason, it is trivial to identify the Radio Balouch app - and other derivatives - as malicious and classify them as belonging to the AhMyth family."

"Nothing special was used to bypass either Google's IP or postpone the malicious function. I think it wasn't detected because users first had to set up the app - set the language, allow permissions, go through a couple of 'next' buttons, for an app overview and only then would the malicious code be launched," he told ZDNet.
 
