ESET found open source Android malware on Play Store which steals personal data of its users

open source Android malware

Image: welivesecurity

Security research firm ESET discovered the malicious information theft of open-source Android spyware on Google Play. It is reported that the first spyware is based on the spyware instance of the open-source spy tool AhMyth lurking in a broadcast application on Google Play. The app is Radio Balouch, detected as Android / Spy.Agent.AOX.

On the surface, Radio Balouch is an Internet radio application, but a team led by ESET researcher Lukas Stefanko found that the app was designed to monitor the people who downloaded it. Although the app does have song play areas for singers, spyware hidden in the app starts stealing contact information and collecting files stored on the affected device. ESET sent a report to Google detailing its findings. Google’s security team removed the malicious Radio Balouch app within 24 hours, but 10 days later, the original developer has republished it to Google Play.

Image: welivesecurity

The Radio Balouch app first appeared on Google Play on July 2. After deletion, it went online again on July 13 and was quickly deleted again. It is reported that the app will be installed by more than 100 people each time it is released on Google Play. Radio Balouch is probably the first application to include open-source Android spyware and has the ability to go online with Google Play. From the ease of returning to Google Play after the app is removed, Google may want to take some more rigorous security measures.