- ESET discovered that the "iRecorder – Screen Recorder" app introduced malicious code called AhRat in an update nearly a year after its launch.
- AhRat is a modified version of an open-source Remote Access Trojan (RAT) called AhMyth, allowing full access to devices and functioning as spyware and stalkerware.
- The code potentially allows the app to record ambient sounds from the phone’s microphone every 15 minutes and transfer documents, websites, and media content from the user’s phone.
- The app has been removed from Google Play, and users are advised to uninstall it from their devices.
- When removed, the app had over 50,000 downloads, indicating it may have been part of a larger espionage campaign.
- It is rare for developers to upload a legitimate app and later update it with malicious code, suggesting a deliberate act.
- Despite efforts from Google and Apple to screen apps for malware, malicious apps can still slip through the cracks.
- Google has blocked over 1.4 million privacy-violating apps from reaching Google Play.
- The responsible party for planting the malicious code in the iRecorder app and their motives remain unknown.
Les hele artikkelen
