This previously legitimate Android app is now secretly recording and uninstalling you

Technology News / By /

ESET researchers discovered malware installed on 50,000 Android smartphones.

Photo credit: 123rf

ESET has shared a surprising and worrying discovery with the press. According to cybersecurity specialists, the application is ” iRecorder for Android is no longer available within a year and spies on its users. The allegation is serious, especially since the application in question has already been downloaded at least 50,000 times from the Play Store. Although Google makes its store more secure, it is also available on alternative stores.

Read – Google Play Store: Ads officially end up in the search bar

As the name suggests, iRecorder allows users to record videos from their device’s screen. He is was released on the Play Store in September 2021and therefore did not contain any malicious code. But a year later, an update turned it into malware. Its developer or someone else, it has yet to be determined, inserted it a Trojan horse baptized AhRata malicious variant of AhMyth, an open-source remote access software.

AhRat is an Android malware that steals your data and records you without your knowledge

iRecorder has been “dormant” for a year., then I woke up. Since the app has all the administrative rights on the phones, purchased at the time of installation, it started recording audio through the users’ smartphones’ microphones, of course without their knowledge, or even ” exfiltrate files whose extensions represent saved web pages, images, audio and video files, documents, and file formats used to compress multiple files”.

A process that suggests that The malware is the cog in a major espionage campaign. Since AhRat was only discovered in this particular application, one can imagine that it was designed specifically for “this occasion”. According to the researchers, “The AhRat case is a good example of how an initially legitimate application can become a malicious application.” […] Fortunately, preventive measures have already been implemented in Android 11 in the form of a Application Standby “.

Source: We live security