 |
| Credit;istoc |
It has been reported that a dangerous application is circulating in the Google Play Store. The application in question is called iRecorder Screen Recorder, and it reportedly records the sounds of users' phones without their permission. Initially, this sound recording application was considered credible and had been downloaded by tens of thousands of people. However, a security vulnerability in the Google Play Store allowed malicious code to be injected into the application, putting users at risk.
Cybersecurity researchers at ESET have discovered hidden malware ads inside the application. After discovering this issue, ESET immediately reported it to Google.
The iRecorder - Screen Recorder application was first launched in 2021 and had no history of malware before being updated in August 2022. According to TheRegister on May 31, 2023, researchers discovered that the screen recording application added a secret backdoor.
This backdoor code was based on AhMyth, a type of spyware. The implementation of AhMyth in the updated Android application has been dubbed AhRat by ESET. This software records audio clips from the microphone of infected devices.
"Lukas Stefanko of ESET stated that AhRat can also be instructed to extract files with extensions from web pages, images, audio, video, and document files, as well as the file format used to compress multiple files."
Stefanko then repeatedly installed iRecorder on his device and found that the application received instructions to record 1 minute of audio and send it to a cybercriminal server. The application would then receive the same instructions every 15 minutes.
In 2019, ESET also reported on two cases of AhMyth attacking the Google Play Store. AhRat does not have many features from its original malware. According to Stefanko, this indicates that the variant may be 'lightweight' and designed to hide itself better within official applications.
ESET has not yet seen AhMyth in other applications besides iRecorder. The application, as well as all other items by the developer, were removed from the Google Play Store after being reported.
It is unclear how long the dangerous version of this recording application was available on the Google Play Store or how many people were affected. ESET only reported that the software had exceeded 50,000 downloads on the Google Play Store overall.
