Android music player app uses spyware to steal sensitive information from infected devices

SonicWall Capture Labs raised an alert on an Android music streaming app that reuses software code from a relatively older malware program called Ahmyth RAT to steal sensitive data from the device.

Cyber Security

 A Remote Access Trojan (RAT) enters a device through diversion applications, freeware or email connections. Once the user runs the executable records unconsciously, this RAT introduces itself in the framework memory and hacks the application.

The streaming Android music player app that goes by the name RB music was found to contain spyware related components of the said Ahmyth RAT that allows it to steal sensitive information from the infected device. While the original intention was to give the victims a fully working streaming music player to evade suspicion and steal sensitive information in the background, upon starting the app though, a number of features like online music streaming were not functioning as desired, which actually gave way to the finding. Once the device is infected, the attacker can command the RAT to perform a number of functions including but not limited to viewing call logs, viewing & Sending SMS, veining contacts, files & GPS location of the device.

Commenting on this development Debasish Mukherjee, Country Manager India & SAARC, SonicWall said, ‘It is a common practice to reuse software codes to enhance efficiency in the software development cycle and is followed by many developers, including malware developers. It is not uncommon to see malware writers reuse parts of code from other malware families or malware that were active in the past said. This threat showcases how malware writers reuse code from other malware samples and package legitimate applications with malicious code.’

A lot of times malicious applications do not contain usable code and once executed these apps simply do not do anything. But sometimes malware writers’ package legitimate or working apps with malicious components. In such cases if the victim is not vigilant, he may never suspect that his device is already infected with malware. Here is where SonicWall Capture Labs provides protection against this threat with a customised signature - AndroidOS.Ahmyth.RB


Tags assigned to this article:
SonicWall spyware malware android trojan Remote Access Trojan


Around The World