Home Security Knowledge Stealing Malware Found in Widespread Android Display screen Recorder App

Knowledge Stealing Malware Found in Widespread Android Display screen Recorder App

by crpt os


May 24, 2023Ravie LakshmananMobile Security / Data Safety

Google has removed a screen recording app named “iRecorder – Screen Recorder” from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app.

The app (APK package name “com.tsoft.app.iscreenrecorder”), which accrued over 50,000 installations, was first uploaded on September 19, 2021. The malicious functionality is believed to have been introduced in version 1.3.8, which was released on August 24, 2022.

“It is rare for a developer to upload a legitimate app, wait almost a year, and then update it with malicious code,” ESET security researcher Lukáš Štefanko said in a technical report.

“The malicious code that was added to the clean version of iRecorder is based on the open source AhMyth Android RAT (remote access trojan) and has been customized into what we named AhRat.”

iRecorder was first flagged as harboring the AhMyth trojan on October 28, 2022, by Kaspersky security analyst Igor Golovin, indicating that the app managed to stay accessible all this time and even received a new update as recently as February 26, 2023.

iRecorder - Screen Recorder

The application’s malicious behavior specially involves extracting microphone recordings and harvesting files with specific extensions, with ESET describing AhRat as a lightweight version of AhMyth.

The data gathering characteristic points to a possible espionage motive, although there is no evidence to link the activity to any known threat actor. However, AhMyth has been previously employed by Transparent Tribe in attacks targeting South Asia.

iRecorder - Screen Recorder

iRecorder is the work of a developer named Coffeeholic Dev, who has also released several other apps over the years. None of them are accessible as of writing –

  • iBlock (com.tsoft.app.iblock.ad)
  • iCleaner (com.isolar.icleaner)
  • iEmail (com.tsoft.app.email)
  • iLock (com.tsoft.app.ilock)
  • iVideoDownload (com.tsoft.app.ivideodownload)
  • iVPN (com.ivpn.speed)
  • File speaker (com.teasoft.filespeaker)
  • QR Saver (com.teasoft.qrsaver)
  • Tin nóng tin lạnh (read: Hot news and cold news in Vietnamese) (com.teasoft.news)

This development is just the latest example of malware adopting a technique called versioning, which refers to uploading a clean version of the app to the Play Store to build trust among users and then adding malicious code at a later stage via app updates, in a bid to slip through the app review process.

“The AhRat research case serves as a good example of how an initially legitimate application can transform into a malicious one, even after many months, spying on its users and compromising their privacy,” Štefanko said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex