RB Music uses spyware to steal sensitive information from the infected device
SonicWall Capture Labs has raised an alert on an Android music streaming app that reuses code from a relatively older malware program, the AhMyth RAT, to steal sensitive data from the device. A Remote Access Trojan (RAT) typically reaches a device through game applications, freeware or email attachments. Once the user unknowingly runs the executable file, the RAT installs itself in system memory and compromises the application.
The spyware-containing app, called Radio Balouch or RB Music, is based on the open source espionage tool AhMyth. Its malicious intentions are cleverly hidden: the app offers fully working streaming radio for Balouchi music enthusiasts, but it also steals your personal data. With Android spyware having appeared on the Play Store, the question is: what happened, and what does the app do?
The streaming Android music player app that goes by the name RB Music was found to contain spyware-related components of the AhMyth RAT, which allow it to steal sensitive information from the infected device. The original intention was to give victims a fully working streaming music player to evade suspicion while stealing sensitive information in the background. On starting the app, however, a number of features such as online music streaming did not function as desired, which is what led to the finding. Once the device is infected, the attacker can command the RAT to perform a number of functions, including but not limited to viewing call logs, viewing and sending SMS, and viewing contacts, files and the GPS location of the device.
Commenting on this development, Debasish Mukherjee, Country Manager India & SAARC, SonicWall, said, "It is a common practice to reuse software code to enhance efficiency in the software development cycle and is followed by many developers, including malware developers. It is not uncommon to see malware writers reuse parts of code from other malware families or malware that were active in the past." This threat showcases how malware writers reuse code from other malware samples and package legitimate applications with malicious code.
Often, malicious applications do not contain usable code, and once executed these apps simply do not do anything. But sometimes malware writers package legitimate or working apps with malicious components. In such cases, if the victim is not vigilant, he may never suspect that his device is already infected with malware. SonicWall Capture Labs provides protection against this threat with a customised signature: AndroidOS.Ahmyth.RB