
Open-source spyware makes it on the Google Play Store

August 25, 2019

You know Play Store security scans are really bad when spyware based on open source code manages to slip past Google’s defenses, not once, but twice.

The Android app that did this is called Radio Balouch, also RB Music, an app for streaming Balouchi music, specific to a geographical region and population that spreads across Iran, Afghanistan, and Pakistan.

Cyber-security firm ESET said this app, besides containing a legitimate radio streaming component, also integrated AhMyth, a remote access tool that has been available on GitHub as an open source project for more than two years.

Should have been avoidable

In a technical report published today detailing Radio Balouch’s features, ESET said this was the first known instance of a malicious app based on AhMyth reaching the Play Store, something that should never have happened given AhMyth’s age and its availability as an open source project, which the Play Store security team should have known about.

“The malicious functionality in AhMyth is not hidden, protected, or obfuscated,” said Lukáš Štefanko, malware researcher at ESET, who conducted the investigation into the malicious app. “For this reason, it is trivial to identify the Radio Balouch app – and other derivatives – as malicious and classify them as belonging to the AhMyth family.”

“Nothing special was used to bypass either Google’s IP or postpone the malicious function. I think it wasn’t detected because users first had to set up the app – set the language, allow permissions, go through a couple of ‘next’ buttons, for an app overview and only then would the malicious code be launched,” he told ZDNet.

Štefanko said ESET spotted two instances of the malware being uploaded on the Play Store, one on July 2, and the second on July 13. Both were removed within a day, but only after they contacted the Play Store staff.

While the two apps never managed to get more than 100 installs, the problem here was the fact that they ended up on the Play Store using nothing more than unobfuscated open-source code.

“The (repeated) appearance of the Radio Balouch malware on the Google Play store should serve as a wake-up call to both the Google security team and Android users,” Štefanko said.

“Unless Google improves its safeguarding capabilities, a new clone of Radio Balouch or any other derivative of AhMyth may appear on Google Play,” he added.

Google did not return a request for comment from ZDNet regarding the background of this major Play Store security slip-up.

Play Store still better than any alternative

In the meantime, the malicious Radio Balouch app remains available for download via third-party Android app stores.

While the Play Store team might have failed users this time, the advice that users should limit the apps they install on their phones to the ones they get from the Play Store remains valid.

Google still puts considerable effort into scanning for malicious apps, compared to any other third-party store, both pre and post app installation.

They might have bungled AhMyth’s detection, but the Play Store staff catches billions of other threats every year.

Nevertheless, Štefanko also recommends that users install a mobile security app, just to be safe, in case Google misses anything, like in this case.

Since the two malicious apps targeted Iranian users, the targets of many cyber-espionage campaigns carried out in the past by Iranian state-sponsored groups, ZDNet also asked Štefanko if Radio Balouch was the work of such a group.

“That was also the first thing that came up to me, but I didn’t find any connection to any Iranian or other APT,” the ESET researcher told ZDNet.

Updated an hour after publication with additional comments from Štefanko.

Credit: ZDNet
