ESET: Radio Balouch, aka RB Music, is spyware built on the foundations of the AhMyth open-source malware. It is spread via Google Play, alternative app stores, and a dedicated website
Cyber espionage on mobile passes through fake streaming radio. ESET cyber security experts discovered the first known spyware that is built on the foundations of the AhMyth open-source malware and has circumvented Google’s app-vetting process. The malicious app, called Radio Balouch aka RB Music, is actually a fully working streaming radio app for Balouchi music enthusiasts, except that it comes with a major sting in its tail – stealing personal data of its users. The app snuck into the official Android app store twice, but was swiftly removed by Google both times after we alerted the company to it. Besides Google Play, the malicious app has been available on alternative app stores. Additionally, it has been promoted on a dedicated website, via Instagram, and on YouTube.
The cyber security experts: AhMyth infects Android devices through Android apps that implant themselves on targeted devices and open a backdoor to spy on the victim's activities and steal data
According to the cyber security experts, AhMyth is an open-source espionage tool developed to infect Android devices through Android apps that implant themselves on the targeted devices and open a backdoor to spy on the victim's activities and steal data. A desktop application based on the Electron framework acts as a command and control server, operated by the attackers to send further commands and obtain the information. Several apps have used the AhMyth spyware since 2017, but Radio Balouch is the first one that officially appeared in the Google Play store. AhMyth is advertised for sale on Chinese- and English-speaking underground forums that focus more on Android devices.