Irecorder plus11/11/2023 Back then, the spyware, built on the foundations of AhMyth, circumvented Google’s app-vetting process twice, as a malicious app providing radio streaming. However, this is not the first time that AhMyth-based Android malware has been available on the official store ESET previously published research on such a trojanized app in 2019. The malicious app is capable of recording audio using the device’s microphone and stealing files, suggesting it might be part of an espionage campaign.īesides the Google Play Store, ESET Research has not detected AhRat anywhere else in the wild. The malicious code that was added to the clean version of iRecorder is based on the open-source AhMyth Android RAT (remote access trojan) and has been customized into what ESET named AhRat. During its existence, the app was installed on more than 50,000 devices. It was available on Google Play as a legitimate app in September 2021, with malicious functionality most likely added in August 2022. The malicious app with over 50,000 downloads was removed from Google Play after ESET Research’s alert ESET has not detected AhRat anywhere else in the wild.īRATISLAVA, KOŠICE - ESET researchers have discovered a trojanized Android app named iRecorder - Screen Recorder.The application’s specific malicious behavior, which involves extracting microphone recordings and stealing files with specific extensions, potentially indicates its involvement in an espionage campaign.What is quite uncommon is that the application received an update containing malicious code quite a few months after its launch. Initially, the iRecorder app did not have any harmful features.As a Google App Defense Alliance partner, ESET detected a trojanized app available on the Google Play Store and named the AhMyth-based malware it contained AhRat.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |