Android Music Player App RB Music Uses Spyware to Steal Sensitive Info
The Android music streaming app RB Music was found to contain spyware components from the Ahmyth RAT that allow it to steal sensitive information from the infected device.
SonicWall Capture Labs raised an alert on an Android music streaming app that reuses code from a relatively old malware program called Ahmyth RAT to steal sensitive data from the device. A Remote Access Trojan (RAT) typically reaches a device through decoy applications, freeware or email attachments. Once the user unknowingly runs the executable file, the RAT installs itself in system memory and compromises the application.
The original intention was to give victims a fully working streaming music player to avoid suspicion while stealing sensitive information in the background. On starting the app, however, a number of features such as online music streaming did not function as intended, which is what led to the finding. Once the device is infected, the attacker can command the RAT to perform a number of functions, including but not limited to viewing call logs, viewing and sending SMS, and viewing contacts, files and the GPS location of the device.
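The capabilities listed above can be turned into a triage check that compares what an app claims to be with the permissions it requests. The following is an added example, not code from SonicWall or from the analysed sample; the capability-to-permission mapping, the music player baseline and the sample manifest are assumptions constructed for illustration, and the manifest is assumed to have already been decoded to text XML (for example with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities named in the article, mapped to the Android permissions each
# would need. The mapping is this example's assumption, not from the report.
CAPABILITY_PERMISSIONS = {
    "call logs": {"android.permission.READ_CALL_LOG"},
    "SMS": {"android.permission.READ_SMS", "android.permission.SEND_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "files": {"android.permission.READ_EXTERNAL_STORAGE"},
    "GPS location": {"android.permission.ACCESS_FINE_LOCATION",
                     "android.permission.ACCESS_COARSE_LOCATION"},
}

# Assumed baseline for a music player; storage is plausible for local playback.
MUSIC_PLAYER_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.WAKE_LOCK",
    "android.permission.READ_EXTERNAL_STORAGE",
}

# Constructed sample manifest (not taken from the RB Music sample).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.musicplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def audit(manifest_xml, baseline=MUSIC_PLAYER_BASELINE):
    """Map permissions outside the baseline to the capabilities they enable."""
    unexpected = requested_permissions(manifest_xml) - baseline
    return {cap: sorted(perms & unexpected)
            for cap, perms in CAPABILITY_PERMISSIONS.items() if perms & unexpected}

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST))
```

A non-empty result is a reason to look closer at the app, not proof of infection, since the baseline is a judgement about what the declared app category needs.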
Commenting on this development, Debasish Mukherjee, Country Manager India & SAARC, SonicWall, said that it is a common practice to reuse software code to enhance efficiency in the software development cycle and is followed by many developers, including malware developers. It is not uncommon to see malware writers reuse parts of code from other malware families or malware that were active in the past. This threat showcases how malware writers reuse code from other malware samples and package legitimate applications with malicious code, he said.
A lot of times malicious applications do not contain usable code, and once executed these apps simply do not do anything. But sometimes malware writers package legitimate or working apps with malicious components. In such cases, if the victim is not vigilant, they may never suspect that their device is already infected with malware. SonicWall Capture Labs provides protection against this threat with a customised signature, AndroidOS.Ahmyth.RB.
SonicWall has been fighting the cybercriminal industry for over 27 years defending small and medium businesses, enterprises and government agencies worldwide. The award-winning, real-time breach detection and prevention solutions, which are supported by extensive research work done by SonicWall Capture Labs, secure more than a million networks, and their emails, applications and data across 215+ countries and territories. These organizations run more effectively and fear less about security.