ESET researchers have discovered a spyware present in two apps on the Google Play Store, which were immediately deleted
Another bad figure of the security team that should prevent landing virus-infected apps, malware, trojans on the Google Play Store harming users and devices. ESET, an Eastern European cybersecurity firm, has discovered two apps on the Play Store, "Radio Balouch" and its variant "RB Radio", infected with AhMyth virus.
The serious thing, though, is that AhMyth is an open source virus, published on GitHub over two years ago and strange to security experts. Open source, however, does not mean harmless: AhMyth is a "Remote Access Trojan" (RAT) and allows hackers to remotely monitor and control the infected device. Therefore, the consequences of AhMyth infection could be anything but negligible. Luckily, however, the installations of the two infected apps were very few: about a hundred. Both apps were only removed after ESET reported them to Google.
Which apps are infected by AhMith
The two infected apps were also minimal because they are two "niche" apps: both are streaming radios specializing in the "Balochi" music genre, which is very popular in Belucistan (a region in Asia that straddles Iran, Afghanistan and Pakistan). The apps were absolutely real and working, but they were infected with the AhMit virus.
It should have been avoided
AhMyth's dangerousness is well known to security experts and its code is public, so Google had all the tools to intercept this trojan inside the two apps. Lukáš Štefanko, the ESET malware expert who identified the two infected apps, says that for Google to discover them before publication was a "trivial" task. And, instead, the apps containing the malware were published twice: first on July 2 and second on July 13. In both cases, they were removed by Google the next day, but only because ESET researchers flagged them.
Is Google Play Store Safe?
While Google Play Store didn't look great in this affair, it has to be said that other app stores didn't look any safer either. In fact, the two apps removed from the Play Store are still available elsewhere and no one has removed them despite reports. Štefanko recommends that users install a secure mobile app to make up for the shortcomings of the Google Play Store and other competing stores.