Tech »  Topic »  Android app breaking bad: From legitimate screen recording to file exfiltration within a year

Android app breaking bad: From legitimate screen recording to file exfiltration within a year


ESET researchers have discovered a trojanized Android app that had been available on the Google Play store with over 50,000 installs. The app, named iRecorder – Screen Recorder, was initially uploaded to the store without malicious functionality on September 19th, 2021. However, it appears that malicious functionality was later implemented, most likely in version 1.3.8, which was made available in August 2022.

  • As a Google App Defense Alliance partner, we detected a trojanized app available on the Google Play Store; we named the AhMyth-based malware it contained AhRat.
  • Initially, the iRecorder app did not have any harmful features. What is quite uncommon is that the application received an update containing malicious code quite a few months after its launch.
  • The application’s specific malicious behavior, which involves extracting microphone recordings and stealing files with specific extensions, potentially indicates its involvement in an espionage campaign.
  • The malicious app ...

Copyright of this story solely belongs to welivesecurity.com . To see the full text click HERE