On the surface, Radio Balouch is an Internet radio application, but a team led by ESET researcher Lukas Stefanko found that the app was designed to monitor the people who downloaded it.
Although the app does have song play areas for singers such as suroz and benju, spyware hidden in the app starts stealing contact information and collecting files stored on the affected device.
ESET sent a report to Google detailing its findings. Google’s security team removed the malicious Radio Balouch app within 24 hours, but 10 days later, the original developer has republished it to Google Play.
Stefanko said: "We also detected and reported a second instance of this malware, and then found that Google quickly removed it again. However, Google allowed the same developer to repeatedly release this obvious malware to the store. People are upset."
The Radio Balouch app first appeared on Google Play on July 2. After deletion, it went online again on July 13 and was quickly deleted again. It is reported that the app will be installed by more than 100 people each time it is released on Google Play.
Radio Balouch is probably the first application to include open source Android spyware, and has the ability to go online with Google Play, but it's unlikely to be the last one. From the ease of returning to Google Play after the app is removed, Google may want to take some more rigorous security measures.
"Unless Google improves its security, a new clone of Radio Balouch or any other derivative of AhMyth may soon appear on Google Play," Stefanko said.
Radio Balouch may have ended its monitoring behavior on Google Play, but it can still be used in other app stores.
ESET said: "It has been promoted on dedicated websites, Instagram and YouTube. We have reported the malicious nature of the event to their respective service providers, but have not received any response."