Radio Balouch app was first reported on Google Play on July 2 and removed a day later. A comeback was spotted on July 13 and Google acted quickly to boot it. Android malware researcher at ESET says that AhMyth-based spyware is available on alternative app stores and has been promoted on Instagram and YouTube. Until now, there have not been any reports of apps built on AhMyth that enjoyed worldwide distribution through Google Play. Unless Google improves screening, clones of this app or derivatives of AhMyth are likely to appear in Play Store.
Source: https://www.bleepingcomputer.com/news/security/google-twice-misses-android-app-with-open-source-spyware-code/