
Google Removes Android Screen Recording App Found Spying on Users With Remote Access Trojan

The iRecorder app is capable of recording and sharing audio with the attacker and exfiltrating files with extensions for images, audio, and video.


Photo Credit: Pexels/ Sora Shizamaki

AhRat is a customization of the open-source AhMyth remote access trojan (RAT)

Highlights
  • Google has removed the iRecorder screen recording app from the Play Store
  • ESET researchers have dubbed the newly discovered trojan AhRat
  • Users will have to manually remove the infected app from their devices

Google recently removed from the Play Store a trojan-infected Android app that was installed on over 50,000 devices. According to the security firm that detected the trojan, the app was first uploaded by the developer in 2021 and then infected with malicious code a year later. The app was also capable of extracting and uploading users' files by detecting extensions for audio, video, and web pages. While the app has been removed from the Play Store, users who downloaded it will have to manually remove it from their devices.

According to a report published by ESET researchers, the iRecorder app was uploaded to the Play Store for the first time in September 2019, without any malicious functionality. Nearly a year later, the app was infected with the open-source AhMyth Android RAT (remote access trojan) in a variant that the researchers dubbed AhRat. Users who updated the app, or downloaded it for the first time, since August 2022 would have the infected app on their device.


The iRecorder app had over 50,000 downloads on the Google Play store
Photo Credit: Screenshot/ ESET

 

While the initial version of the app did not have any malicious functionality, ESET states that it was later updated with code that allowed it to engage in malicious behaviour, including recording ambient sound and audio by utilising the phone's mic. These recordings could then be uploaded to the attacker's command-and-control (C&C) server. The app was also capable of extracting files with specific extensions, such as video, audio, images, web pages, documents, and compressed files.

ESET's researchers explain that the AhMyth RAT is a very powerful tool that can exfiltrate text messages, call logs, and contacts on a user's phone while recording audio, capturing images, tracking the device's location, and generating a list of all the files on the smartphone. 

The app's behaviour suggests that the AhRat trojan could be used as part of an espionage campaign, according to the researchers, who were unable to attribute it to any advanced persistent threat (APT) group. Meanwhile, ESET says that the original open-source AhMyth RAT was previously used by cyberespionage group APT36 — commonly known as Transparent Tribe — to target government and military organisations in South Asia. 

After ESET flagged the malicious code in the iRecorder app to Google, the app was removed from the Google Play store. The app has already been downloaded 50,000 times, according to the listing at the time of its removal. Users who installed or updated the application after it was infected will have to manually uninstall it in order to remove the infected app from their smartphones.


David Delima
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.