This Android app extracted microphone recordings, stole files of users - Have you been using it too?

The application's specific malicious behaviour, which involves extracting microphone recordings and stealing files with specific extensions, potentially indicates its involvement in an espionage campaign, the researchers noted.

This Android app extracted microphone recordings, stole files of users - Have you been using it too?
This is not the first time that AhMyth-based Android malware has been available on Google Play.

Cyber-security researchers have identified a trojanised Android app that was available on Google Play store with over 50,000 installs, extracted microphone recordings and stole files with specific extensions from the users.

The app, named iRecorder-Screen Recorder, was initially uploaded to the store without malicious functionality in 2021.

"However, it appears that malicious functionality was later implemented, most likely in version 1.3.8, which was made available in August 2022," said ESET researchers.

Aside from providing legitimate screen recording functionality, the malicious iRecorder can record surrounding audio from the device's microphone and upload it to the attacker's command and control (C&C) server.

It can also exfiltrate files with extensions representing saved web pages, images, audio, video, and document files, and file formats used for compressing multiple files, from the device.

The application's specific malicious behaviour, which involves extracting microphone recordings and stealing files with specific extensions, potentially indicates its involvement in an espionage campaign, the researchers noted.

The malicious app was removed from Google Play after the researchers alerted the tech giant.

"It is rare for a developer to upload a legitimate app, wait almost a year, and then update it with malicious code. The malicious code that was added to the clean version of iRecorder is based on the open-source AhMyth Android RAT (remote access trojan) and has been customised into what we named AhRat," the team explained.

This is not the first time that AhMyth-based Android malware has been available on Google Play.

The ESET researchers previously published research on one such trojanized app in 2019.

Back then, the spyware, built on the foundations of AhMyth, circumvented Google's app-vetting process twice, as a malicious app providing radio streaming.

The research serves as a good example of how an initially legitimate application can transform into a malicious one, even after many months, spying on its users and compromising their privacy.

"While it is possible that the app developer had intended to build up a user base before compromising their Android devices through an update or that a malicious actor introduced this change in the app; so far, we have no evidence for either of these hypotheses," said the ESET team.

Get Latest Business News, Stock Market Updates and Videos; Check your tax outgo through Income Tax Calculator and save money through our Personal Finance coverage. Check Business Breaking News Live on Zee Business Twitter and Facebook. Subscribe on YouTube.

RECOMMENDED STORIES

https://www.zeebiz.com/personal-finance/photo-gallery-latest-fd-interest-rates-for-senior-citizens-know-what-major-banks-like-icici-bank-hdfc-bank-of-baroda-sbi-canara-bank-axis-bank-providing-currently-on-fixed-deposits-calculator-327278

Senior Citizen Latest FD Rates: Know what major banks like SBI, PNB, Canara Bank, HDFC Bank, ICICI Bank are providing on fixed deposits

https://www.zeebiz.com/personal-finance/photo-gallery-gratuity-calculator-inr-rs-38000-as-last-drawn-basic-salary-pay-and-5-years-5-months-of-service-know-gratuity-amount-payment-act-1972-eligibility-criteria-conditions-employer-employees-wage-327018

Gratuity Calculator: Rs 38,000 as last-drawn basic salary, 5 years and 5 months of service; what will be gratuity amount?

https://www.zeebiz.com/personal-finance/photo-gallery-epfo-retirement-pension-scheme-early-pension-superannuation-disablement-widow-child-orphan-pension-online-login-passbook-employee-provident-fund-327598

EPFO Pension Schemes: Early pension, retirement pension, nominee pension and 4 other pension schemes that every private sector employee should know

https://www.zeebiz.com/trending/photo-gallery-delhi-aqi-today-air-pollution-level-falls-to-very-poor-quality-schools-closed-work-from-home-started-in-office-government-bans-firecrackers-sale-on-ecommerce-sites-city-records-lowest-temperature-327481

Delhi AQI Today: Air quality index level drops; city records season's lowest temperature

https://www.zeebiz.com/personal-finance/photo-gallery-top-5-small-cap-mutual-funds-with-best-sip-xirr-returns-in-1-year-calculator-inr-rs-25000-monthly-investment-has-grown-to-355000-nifty-150-tri-bse-invesco-edelweiss-hsbc-franklin-nav-aum-327419

Top 5 Small Cap Mutual Funds with best SIP returns in 1 year: See how Rs 25,000 monthly investment has grown in each scheme

https://www.zeebiz.com/personal-finance/photo-gallery-top-7-sbi-sip-mutual-funds-with-highest-sip-return-xirr-in-1-year-capital-gains-calculator-how-inr-rs-25000-monthly-investment-has-grown-to-bse-sp-nifty-multi-large-health-tech-banking-326674

Top 7 SBI Mutual Funds With Best SIP Returns in 1 Year: Rs 25,000 monthly SIP investment in No.1 fund has jumped to Rs 3,58,404

https://www.zeebiz.com/markets/stocks/photo-gallery-adani-group-stocks-nosedive-heres-what-anil-singhvi-suggests-327508

Adani group stocks nosedive: Buy or Sell? Here's what Anil Singhvi says

https://www.zeebiz.com/personal-finance/photo-gallery-sbi-state-bank-of-india-5-years-fixed-deposit-fd-vs-post-office-monthly-income-scheme-mis-where-can-you-get-more-income-in-5-years-on-investment-of-rs-200000-see-calculations-327293

SBI 5-Year FD vs MIS: Which can offer higher returns on a Rs 2,00,000 investment over 5 years? See calculations

https://www.zeebiz.com/trending/news-rains-in-tamil-nadu-orange-alert-issues-for-november-26-regional-meteorological-centre-cyclone-south-andaman-sea-puducherry-karaikkal-327505

Tamil Nadu Weather News: Heavy rain likely in TN, orange alert issued for Nov 26

https://www.zeebiz.com/markets/stocks/photo-gallery-psu-and-largecap-shares-to-buy-short-term-bse-sensex-nse-nifty-pick-of-the-day-327460

Stocks to buy: Hindustan Aeronautics, Zomato, Tata Tech, GMR Airports among analysts' top picks

Updated: Fri, May 26, 2023
09:26 AM IST
New Delhi, IANS
RELATED NEWS
Uber launches new audio recording option for rides, drivers Uber launches new audio recording option for rides, drivers
This startup has launched voice-based feature in app to deter all vehicle-related concerns This startup has launched voice-based feature in app to deter all vehicle-related concerns
Railways vow 100% electrification of its broad gauge in 5 years Railways vow 100% electrification of its broad gauge in 5 years
TRAI launches app for subscribers to rate call quality TRAI launches app for subscribers to rate call quality
SHAREit to set up India headquarters in Gurugram SHAREit to set up India headquarters in Gurugram

By accepting cookies, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

x