{"id":3652,"date":"2019-08-22T15:30:22","date_gmt":"2019-08-22T12:30:22","guid":{"rendered":"https:\/\/blog.eset.ee\/?p=3652"},"modified":"2019-09-17T13:10:41","modified_gmt":"2019-09-17T10:10:41","slug":"first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/","title":{"rendered":"First\u2011of\u2011its\u2011kind spyware sneaks into Google Play"},"content":{"rendered":"\n

ESET researchers have discovered the first known spyware that is built on the foundations of AhMyth open-source malware and has circumvented Google\u2019s app-vetting process. The malicious app, called Radio Balouch aka RB Music, is actually a fully working streaming radio app for Balouchi music enthusiasts, except that it comes with a major sting in its tail \u2013 stealing personal data of its users. The app snuck into the official Android app store twice, but was swiftly removed by Google both times after we alerted the company to it.<\/p>\n\n\n\n

AhMyth, the open-source Remote Access Tool from which the Radio Balouch app borrowed its malicious functionality, was made publicly available<\/a> in late 2017. Since then, we have witnessed various malicious apps based on it; however, the Radio Balouch app is the very first of them to appear on the official Android app store.<\/p>\n\n\n\n

ESET\u2019s mobile security solution has been protecting users from AhMyth and its derivatives since January 2017 \u2013 even before AhMyth went public. As the malicious functionality in AhMyth is not hidden, protected or obfuscated, it is trivial to identify the Radio Balouch app \u2013 and other derivatives \u2013 as malicious, and classify them as belonging to the AhMyth family.<\/p>\n\n\n\n

Besides Google Play, the malware, detected by ESET as Android\/Spy.Agent.AOX, has been available on alternative app stores. Additionally, it has been promoted on a dedicated website, via Instagram, and YouTube. We have reported the malicious nature of the campaign to the respective service providers, but received no response.<\/p>\n\n\n\n

Radio Balouch is a fully working streaming radio app for music specific to the Balouchi region<\/a> (for the sake of consistency, we follow the spelling used in the campaign; the most common transcription is \u201cBalochi\u201d or \u201cBaluchi\u201d). In the background, however, the app spies on its victims.<\/p>\n\n\n\n

On Google Play, we discovered different versions of the malicious Radio Balouch app twice and in each case, the app had 100+ installs. We reported the first appearance of this app on the official Android store to the Google security team on July 2nd<\/sup>, 2019, and it was removed within 24 hours.<\/p>\n\n\n\n

The malicious Radio Balouch app reappeared on Google Play on July 13th<\/sup>, 2019. This one, too, was immediately reported by ESET and swiftly removed by Google.<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

Figure 1. The malicious Radio Balouch app appeared twice on Google Play<\/em><\/p>\n\n\n\n

After being removed from Google Play, the malicious radio app is only available on third-party app stores at the time of writing. It has also been distributed from a dedicated website, radiobalouch[.]com, via a link promoted via a related Instagram account. This server was also used for the spyware\u2019s C&C communications (see below). The domain was registered on March 30th<\/sup>, 2019, and shortly after our complaint, the website was down and still is at the time of writing.<\/p>\n\n\n\n

The attackers\u2019 Instagram account still, at the time of writing, serves a link to the app that has been removed from Google Play. They have also set up a YouTube channel with one video introducing the app; apparently, they don\u2019t promote it as the video has a mere 21 views at the time of writing.<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

Figure 2. The Radio Balouch website (left), Instagram account (center) and promotional YouTube video (right)<\/em><\/p>\n\n\n\n

Functionality<\/strong><\/p>\n\n\n\n

The malicious Radio Balouch app works on Android 4.2 and above. Its internet radio functionality is bundled with the functionality of AhMyth into one malicious app.<\/p>\n\n\n\n

After installation, the internet radio component is fully functional, playing a stream of Balouchi music. However, the added malicious functionality enables the app to steal contacts, harvest files stored on the device and send SMS messages from the affected device.<\/p>\n\n\n\n

Functionality for stealing SMS messages stored on the device is also present. However, this functionality can\u2019t be utilized since Google\u2019s recent restrictions only allow the default SMS app to access those messages.<\/p>\n\n\n\n

As AhMyth has more variants whose functionalities vary, the Radio Balouch app and any other malware based on this open-source espionage tool might get further functions in the future via an update.<\/p>\n\n\n\n

After launch, users choose their preferred language (English or Farsi); in the next step, the app starts requesting permissions. First, it requests access to files on the device, which is a legitimate permission for a radio app to enable its functionality; if declined, the radio would not work.<\/p>\n\n\n\n

Then, the app requests the permission to access contacts. Here, to camouflage its request for this permission, it suggests this functionality is necessary should the user decide to share the app with friends in their contact list. If the user declines to grant the contact permissions, the app will work regardless.<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

Figure 3. Radio Balouch app\u2019s permissions requests<\/em><\/p>\n\n\n\n

After the setup, the app opens its home screen with music options, and offers the option to register and login. However, any \u201cregistering\u201d is meaningless as any input will bring the user into the \u201clogined\u201d state, in the operators\u2019 poor English. Probably, this step has been added to lure credentials from the victims and try to break into other services using the obtained passwords \u2013 a reminder to never reuse passwords across services. On a side note: the credentials are transmitted unencrypted, over an HTTP connection.<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

Figure 4. Radio Balouch app\u2019s Home (left) and Settings (right) screens<\/em><\/p>\n\n\n\n

For C&C communication, Radio Balouch relies on its (now defunct) radiobalouch[.]com domain. This is where it would send information it has gathered about its victims \u2013 notably information about the compromised devices, and the victims\u2019 contacts lists. As with the account credentials, the C&C traffic is transmitted unencrypted over an HTTP connection.<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

Figure 5. Radio Balouch\u2019s communication with its C&C server<\/em><\/p>\n\n\n\n

Conclusion<\/strong><\/p>\n\n\n\n

The (repeated) appearance of the Radio Balouch malware on the Google Play store should serve as a wake-up call to both the Google security team and Android users. Unless Google improves its safeguarding capabilities, a new clone of Radio Balouch or any other derivative of AhMyth may appear on Google Play.<\/p>\n\n\n\n

While the key security imperative \u201cStick with official sources of apps\u201d still holds, it alone can\u2019t guarantee security. It is highly recommended that users scrutinize every app they intend to install on their devices and use a reputable mobile security solution.<\/p>\n\n\n\n

Indicators of Compromise (IoCs)<\/strong><\/p>\n\n\n\n
Hash<\/th>ESET detection name<\/th><\/tr><\/thead>
F2000B5E26E878318E2A3E5DB2CE834B2F191D56<\/td>Android\/Spy.Agent.AOX<\/td><\/tr>
AA5C1B67625EABF4BD839563BF235206FAE453EF<\/td>Android\/Spy.Agent.AOX<\/td><\/tr><\/tbody><\/table>\n","protected":false},"excerpt":{"rendered":"

ESET researchers have discovered the first known spyware that is built on the foundations of AhMyth open-source malware and has circumvented Google\u2019s app-vetting process. The malicious app, called Radio Balouch aka RB Music, is actually a fully working streaming radio app for Balouchi music enthusiasts, except that it comes with a major sting in its<\/p>\n","protected":false},"author":5,"featured_media":3658,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[160],"tags":[],"class_list":["post-3652","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware"],"acf":[],"yoast_head":"\nFirst\u2011of\u2011its\u2011kind spyware sneaks into Google Play - ESET Eesti Blogi<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"First\u2011of\u2011its\u2011kind spyware sneaks into Google Play\" \/>\n<meta property=\"og:description\" content=\"ESET researchers have discovered the first known spyware that is built on the foundations of AhMyth open-source malware and has circumvented Google\u2019s app-vetting process. The malicious app, called Radio Balouch aka RB Music, is actually a fully working streaming radio app for Balouchi music enthusiasts, except that it comes with a major sting in its\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/\" \/>\n<meta property=\"og:site_name\" content=\"ESET Eesti Blogi\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/www.facebook.com\/antiviirus\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-22T12:30:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-09-17T10:10:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/08\/spyware_insta_socialimage.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"ESET Blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ESET Blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/08\\\/22\\\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/08\\\/22\\\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\\\/\"},\"author\":{\"name\":\"ESET Blog\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"headline\":\"First\u2011of\u2011its\u2011kind spyware sneaks into Google Play\",\"datePublished\":\"2019-08-22T12:30:22+00:00\",\"dateModified\":\"2019-09-17T10:10:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/08\\\/22\\\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\\\/\"},\"wordCount\":1073,\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/08\\\/22\\\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/spyware_insta_socialimage.png\",\"articleSection\":[\"malware\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2019\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/08\\\/22\\\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\\\/\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/08\\\/22\\\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\\\/\",\"name\":\"First\u2011of\u2011its\u2011kind spyware sneaks into Google Play - ESET Eesti Blogi\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/08\\\/22\\\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/08\\\/22\\\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/spyware_insta_socialimage.png\",\"datePublished\":\"2019-08-22T12:30:22+00:00\",\"dateModified\":\"2019-09-17T10:10:41+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/08\\\/22\\\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/08\\\/22\\\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/08\\\/22\\\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/spyware_insta_socialimage.png\",\"contentUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/spyware_insta_socialimage.png\",\"width\":800,\"height\":800},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/08\\\/22\\\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"First\u2011of\u2011its\u2011kind spyware sneaks into Google Play\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\",\"name\":\"ESET Eesti Blogi\",\"description\":\"Uudised IT maailmast\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\",\"name\":\"ESET Blog\",\"sameAs\":[\"http:\\\/\\\/eset.ee\"],\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/author\\\/allankinsigo\\\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/08\\\/22\\\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\\\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"ESET EESTI\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"First\u2011of\u2011its\u2011kind spyware sneaks into Google Play - ESET Eesti Blogi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/","og_locale":"en_US","og_type":"article","og_title":"First\u2011of\u2011its\u2011kind spyware sneaks into Google Play","og_description":"ESET researchers have discovered the first known spyware that is built on the foundations of AhMyth open-source malware and has circumvented Google\u2019s app-vetting process. The malicious app, called Radio Balouch aka RB Music, is actually a fully working streaming radio app for Balouchi music enthusiasts, except that it comes with a major sting in its","og_url":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/","og_site_name":"ESET Eesti Blogi","article_publisher":"http:\/\/www.facebook.com\/antiviirus","article_published_time":"2019-08-22T12:30:22+00:00","article_modified_time":"2019-09-17T10:10:41+00:00","og_image":[{"width":800,"height":800,"url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/08\/spyware_insta_socialimage.png","type":"image\/png"}],"author":"ESET Blog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ESET Blog","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/#article","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/"},"author":{"name":"ESET Blog","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"headline":"First\u2011of\u2011its\u2011kind spyware sneaks into Google Play","datePublished":"2019-08-22T12:30:22+00:00","dateModified":"2019-09-17T10:10:41+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/"},"wordCount":1073,"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/08\/spyware_insta_socialimage.png","articleSection":["malware"],"inLanguage":"en-US","copyrightYear":"2019","copyrightHolder":{"@id":"https:\/\/blog.eset.ee\/et\/#organization"}},{"@type":"WebPage","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/","url":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/","name":"First\u2011of\u2011its\u2011kind spyware sneaks into Google Play - ESET Eesti Blogi","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/#primaryimage"},"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/08\/spyware_insta_socialimage.png","datePublished":"2019-08-22T12:30:22+00:00","dateModified":"2019-09-17T10:10:41+00:00","author":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"breadcrumb":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/#primaryimage","url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/08\/spyware_insta_socialimage.png","contentUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/08\/spyware_insta_socialimage.png","width":800,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.eset.ee\/et\/en\/"},{"@type":"ListItem","position":2,"name":"First\u2011of\u2011its\u2011kind spyware sneaks into Google Play"}]},{"@type":"WebSite","@id":"https:\/\/blog.eset.ee\/et\/en\/#website","url":"https:\/\/blog.eset.ee\/et\/en\/","name":"ESET Eesti Blogi","description":"Uudised IT maailmast","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.eset.ee\/et\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88","name":"ESET Blog","sameAs":["http:\/\/eset.ee"],"url":"https:\/\/blog.eset.ee\/et\/en\/author\/allankinsigo\/"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/08\/22\/first%e2%80%91of%e2%80%91its%e2%80%91kind-spyware-sneaks-into-google-play\/#local-main-organization-logo","url":"","contentUrl":"","caption":"ESET EESTI"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/3652","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=3652"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/3652\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/3658"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=3652"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=3652"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=3652"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}