Contacts-slurping Android malware sneaked onto Google Play store – twice

Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: The Register

Android spyware – open-source spyware, no less – has found its way onto the Google Play store, according to researchers from ESET.

The nefarious software masqueraded as a fully functional internet radio app targeted at the Balouch people of Pakistan, Afghanistan and Iran, the Slovakian threat intel outfit said.

As well as relaying genuine Balouchi music, the malicious radio app also incorporated the AhMyth open-source remote-access trojan. It can be found on GitHub, of all places.

“The malicious functionality in AhMyth is not hidden, protected, or obfuscated. For this reason, it is trivial to identify the Radio Balouch app – and other derivatives – as malicious and classify them as belonging to the AhMyth family,” opined Lukáš Štefanko, the ESET researcher who took a close look at the app.

In a detailed statement about the malware, ESET explained: “For C&C communication, Radio Balouch relies on its (now defunct) radiobalouch[.]com domain. This is where it would send information it has gathered about its victims – notably information about the compromised devices, and the victims’ contacts lists. As with the account credentials, the C&C traffic is transmitted unencrypted over an HTTP connection.”

ESET put the number of downloads of the Radio Balouch app in the hundreds.

What was most concerning, however, was ESET’s observation that the app made it onto the Google Play store, which is supposedly vetted to keep malware-laden apps out, at least twice to the researchers’ knowledge.

The app was astroturfed through the creation of YouTube and Instagram accounts, making it seem superficially legitimate.

Google Play’s review processes, whatever they are, are not known for their thoroughness. Just a few weeks ago 130,000 people were known to have downloaded stalkerware, intended for silently monitoring spouses without their knowledge, while in January security biz Trend Micro reckoned nine million had been infected with malware from… the Google Play store!

The best thing you can do to defend against dodgy apps is to check them out before downloading and scan new downloads with a reputable and up-to-date anti-malware suite, as well as keeping a close eye on what permissions new and existing apps alike are demanding.
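To make the permissions advice concrete, here is an added example (not from ESET or the original article) that compares the permissions declared in a decoded AndroidManifest.xml against what an internet radio app plausibly needs, and notes an explicit opt-in to cleartext HTTP. The baseline set and the sample manifest are assumptions constructed for illustration; the manifest is assumed to be already decoded to text XML, for instance with apktool.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline: what a streaming-radio app plausibly needs (hypothetical policy).
RADIO_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.WAKE_LOCK",
    "android.permission.FOREGROUND_SERVICE",
}

# Android permissions guarding personal data, with what each one exposes.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.GET_ACCOUNTS": "accounts on the device",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.READ_PHONE_STATE": "phone state and identifiers",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
}

def audit_manifest(xml_text, baseline=RADIO_BASELINE):
    """Compare permissions declared in a decoded AndroidManifest.xml to a baseline."""
    root = ET.fromstring(xml_text)
    declared = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    declared.discard(None)  # malformed entries without android:name
    extra = declared - baseline
    app = root.find("application")
    return {
        "sensitive": {p: SENSITIVE[p] for p in sorted(extra) if p in SENSITIVE},
        "other_unexpected": sorted(p for p in extra if p not in SENSITIVE),
        # Only an explicit opt-in is reported; older target SDKs allow HTTP by default.
        "cleartext_http": app is not None
        and app.get(ANDROID + "usesCleartextTraffic") == "true",
    }

# Constructed sample for this example, not the manifest of any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.radio">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Example Radio" android:usesCleartextTraffic="true"/>
</manifest>"""

if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST).items():
        print(key, "->", value)
```

A radio app that asks for the contact list or SMS has no functional reason to, which is the mismatch worth investigating before installing or keeping it.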
