ESET researchers have discovered a trojanized Android app that had been available on the Google Play store with over 50,000 installs. The app, named iRecorder - Screen Recorder, was initially uploaded to the store without malicious functionality on September 19th, 2021. However, it appears that malicious functionality was later implemented, most likely in version 1.3.8, which was made available in August 2022.

- As a Google App Defense Alliance partner, we detected a trojanized app available on the Google Play Store; we named the AhMyth-based malware it contained AhRat.
- Initially, the iRecorder app did not have any harmful features. What is quite uncommon is that the application received an update containing malicious code quite a few months after its launch.
- The application’s specific malicious behavior, which involves extracting microphone recordings and stealing files with specific extensions, potentially indicates its involvement in an espionage campaign.
- The malicious app with over 50,000 downloads was removed from Google Play after our alert; we have not detected AhRat anywhere else in the wild.

It is rare for a developer to upload a legitimate app, wait almost a year, and then update it with malicious code.

The malicious code that was added to the clean version of iRecorder is based on the open-source AhMyth Android RAT (remote access trojan) and has been customized into what we named AhRat. Besides this one case, we have not detected AhRat anywhere else in the wild.