Cybersecurity firm ESET has revealed that the widely used app “iRecorder – Screen Recorder” was compromised by malicious software.
Details of the Malware:
The app, previously available on Google’s app store and boasting thousands of downloads, was originally innocuous. It was later found to be gathering microphone recordings and other user files without consent. By the time it was removed from the store, it had already been installed on over 50,000 devices.
The Malicious Code – AhRat:
ESET’s investigation found that an update released almost a year after the app’s initial launch in September 2021 introduced malicious code named AhRat. AhRat is a variant of the open-source Remote Access Trojan (RAT) known as AhMyth, notorious for its ability to grant unauthorized access to the victim’s device, functioning as both spyware and stalkerware.
The rogue code enabled the app to surreptitiously record a minute of ambient sound through the device’s microphone every 15 minutes. It also transferred documents, web pages, and media files from the user’s phone without authorization.
Security Expert Insights:
Lukas Stefanko, a security researcher at ESET, explained that the nature of the app allowed the malicious code to operate within the boundaries of the app’s predefined permission model. Stefanko speculates that this malicious code might be part of a larger-scale espionage campaign, possibly orchestrated by governments or carried out for financial gain. Despite rigorous efforts by Google and Apple to screen apps for malware, certain malicious apps can elude detection. The identity of whoever implanted the malicious code in the iRecorder app remains unknown.
Immediate Action Required:
If you have installed the “iRecorder – Screen Recorder” app on your device, delete it without delay to safeguard your privacy and security.