ESET researchers discovered malware installed on 50,000 Android smartphones.
ESET has shared with the press a discovery that is as surprising as it is worrying. According to cybersecurity specialists, the application ” iRecorder on Android went rogue in a year and spies on its users. The accusation is serious, especially since the application in question has been downloaded at least 50,000 times on the Play Store. Although Google is making its store more secure, it is also available on alternative stores.
To read – Google Play Store: ads officially land in the search bar
As the name suggests, iRecorder allows users to record videos of their device screen. He is appeared on the Play Store in September 2021, and therefore contained no malicious code. However, a year later, an update turned it into malware. Its developer, or someone else, it has yet to be determined, has inserted a Trojan horse, baptized AhRata malignant variant of AhMyth, an open-source remote access software.
AhRat is an Android malware that steals your data and records you without your knowledge
iRecorder has been “dormant” for a year, then woke up. As the app has all the administrative rights on the phones, obtained at the time of installation, it began to record audio through the microphones of the users’ smartphones, without their knowledge of course, or even ” exfiltrate files whose extensions represent saved web pages, images, audio and video files, documents, as well as file formats used to compress multiple files”.
A process which suggests that the malware is the cog in a major espionage campaign. Indeed, as AhRat was detected only in this specific application, one can imagine that it was specially designed for “the occasion”. According to the researchers, “the case of AhRat is a good example of how an initially legitimate application can turn into a malicious application. […] Fortunately, preventative measures have already been implemented in Android 11 in the form of a application standby “.
Source : We Live Security
