Android users are being warned after security experts discovered a “disturbing” Google Play Store threat.
Android is one of the most used pieces of software in the world, with over two billion devices running the Google mobile OS each and every month.
However Android users are no strangers to security alerts, with some recent widespread threats being circulated via apps found on the Google Play Store.
Six Android apps that were downloaded a staggering 90million times from the Google Play Store were found to have been loaded with the PreAMo malware.
While another recent threat saw 50 malware-filled apps on the Google Play Store infect over 30million Android devices.
And now Android users are being warned once again about a “disturbing” Google Play Store threat.
Security experts are warning Android users after a rogue spyware app was discovered on the Google Play Store twice.
The spyware is based on an open-source espionage tool called AhMyth and is hidden in a fully working app that streams music.
However, it also steals an Android user’s personal data.
In this instance the spyware was attached to an app playing Balochi music but the spying capabilities may easily be attached to any other app.
The spyware-filled app was discovered by researchers at ESET who reported it to Google.
The search engine giant removed the app from the Play Store but it wasn’t long till it was put back on the official app marketplace by the attackers.
ESET malware researcher Lukas Stefanko said: “The malicious functionality in AhMyth is not hidden, protected, or obfuscated.
“For this reason, it is trivial to identify the Radio Balouch app – and other derivatives – as malicious and classify them as belonging to the AhMyth family.”
Stefanko added: “We also detected and reported the second instance of this malware, which was then swiftly removed.
“However, the fact that Google let the same developer post this evident malware to the store repeatedly is disturbing”.
The offending app, Radio Balouch, has since been removed from the Google Play Store and can only be found now on alternative app stores, ESET explained in a post online.
ESET said the repeated appearance of the malicious app on the Play Store should serve as a wake-up call to the Google security team and Android users.
Stefanko said: “The key security imperative to stick with official sources of apps still holds; however, that alone can’t guarantee security.
“We highly recommend users to scrutinise every app they intend to install on their device and use a reputable mobile security solution”.
• Stay tuned to Express.co.uk for more Android news