This previously legitimate Android app is now secretly recording you, uninstall it
ESET researchers discovered malware installed on 50,000 Android smartphones.
ESET shared a discovery with journalists that is both surprising and worrying. According to cybersecurity experts, the application “ iRecorder on Android has gone rogue in a year and spying on its users. The allegation is particularly serious since the application in question has been downloaded at least 50,000 times on the Play Store. Although Google has made its store more secure, it is also available in alternative stores.
To read – Google Play Store: Ads are officially coming to the search bar
As the name suggests, iRecorder allows users to record videos of their device screen. He is one Appeared on Play Store in September 2021, so no malicious code. However, a year later, an update turned it into malware. Its developer, or someone else, it has not yet been determined, was inserted A Trojan horse, Ahrad was baptizedA malignant variant of AhMyth, an open source remote access software.
AhRat is an Android malware that steals your data and records you without your knowledge
iRecorder has been “dormant” for a year, then got up. Since the app had all the administrative rights on the phones received at the time of installation, it started recording audio through the microphones of the users’ smartphones, without their knowledge, or ” Extract the files Its extensions refer to file formats used to compress stored web pages, images, audio and video files, documents and more.
A process that suggests that Malware is a cog in a major espionage campaign. Indeed, since the AhRat was only detected in this particular application, one might imagine that it was specially designed for “performance”. According to the researchers, “AhRat’s case is a good example of how an initially legitimate application can turn into a malicious application. […] Fortunately, preventative measures have already been implemented in some form in Android 11 Application waiting “.
Source: We live in security
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/liberation/LBC7H5JSLJHOVJQNIOAMO5UTPY.jpg)
