ESET malware researchers have made a disturbing discovery—a new remote access trojan (RAT) lurking within an Android screen recording app available on the Google Play Store. Initially added to the store in September 2021, the app named ‘iRecorder – Screen Recorder’ fell victim to a malicious update released nearly a year later in August 2022.

iRecorder entry in Google Play (ESET)

Cleverly leveraging its name, the app successfully requested permissions to record audio and access files on infected devices, cleverly aligning with the expected functionalities of a legitimate screen recording tool. Unfortunately, this led to over 50,000 installations of the app on the Google Play Store, leaving users vulnerable to malware infections.

Following ESET’s notification about the app’s malicious behavior, the Google Play security team promptly removed it from the store. However, it is crucial to note that the iRecorder app may still be found on alternative and unofficial Android markets. Additionally, it’s worth mentioning that while the iRecorder developer offers other applications on Google Play, those do not contain any malicious code.

The malware in question, known as AhRat, is an Android RAT based on the open-source AhMyth RAT. AhRat exhibits a broad range of capabilities, including location tracking of infected devices, stealing call logs, contacts, and text messages, sending SMS messages, capturing images, and recording background audio.

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: info@blackhatethicalhacking.com

Source: bleepingcomputer.com

Source Link