A cybersecurity firm says a popular Android screen recording app that racked up tens of thousands of downloads on the Google app store has subsequently started spying on its users, including stealing microphone recordings and other documents from the user’s phone.
ESET’s investigation found that the Android app, “iRecorder — Screen Recorder”, introduced the malicious code as an app update almost a year after it first appeared on Google Play. The code, according to ESET, allowed the app to stealthily upload a minute of ambient audio from the device’s microphone every 15 minutes, as well as leak documents, web pages, and media files from the user’s phone.
The application is no longer listed on Google Play. If you have installed the app, you need to remove it from your device. By the time the malicious app was removed from the app store, it had accumulated more than 50,000 downloads.
ESET is calling the malware AhRat, a customized version of an open source remote access Trojan called AhMyth. Remote Access Trojans (or RATs) take advantage of broad access to a victim’s device and can often include remote control, but they also work similarly to spyware and stalkerware.
Lukas Stefanko, an ESET security researcher who discovered the malware, said in a blog post that the iRecorder app did not contain any malicious features when it was first released in September 2021.
Once the AhRat malware was pushed as an app update to existing users (and to new users who would download the app directly from Google Play), the app began stealthily accessing the user’s microphone and uploading the user’s phone data to a server controlled by the malware’s operator. Stefanko said the audio recording “fits with the app’s permissions model already defined,” given that the app was by nature designed to capture device screen recordings and would request access to the device’s microphone.
It is not clear who planted the malicious code, either the developer or someone else, or for what reason. TechCrunch sent an email to the developer’s email address that was listed on the app before it was pulled, but has yet to hear back.
Stefanko said the malicious code is likely part of a broader espionage campaign, where hackers work to gather information on their chosen targets, sometimes on behalf of governments or for financial reasons. He said it was “rare for a developer to upload a legitimate app, wait almost a year, and then update it with malicious code.”
It is not uncommon for bad apps to sneak into the app stores, nor is it the first time that AhMyth has broken through on Google Play. Both Google and Apple scan apps for malware before listing them for download and sometimes act proactively to pull apps when they could put users at risk. Google said last year that it prevented more than 1.4 million privacy-violating apps from reaching Google Play.