Recently an Android app named “iRecorder – Screen Recorder” was exposed for secretly recording audio through the device's microphone and sending the recordings to a server controlled by the attackers.
The app, initially benign, gained more than 50,000 installations from the Google Play store after its launch in the fall of 2021. A later update, however, introduced malicious code, turning the app into a trojan: a program that keeps its legitimate function while carrying hidden malicious behavior. This is not a "virus" in the technical sense, since the code does not spread by infecting other programs; it arrived through the app's own update channel.
According to cybersecurity firm ESET, the iRecorder app contained no harmful functionality when first published. Several months after its release, an update carrying malicious code changed the application's behavior.
The app began recording from the microphone and exfiltrating those recordings, along with files matching a list of specific extensions such as documents and media, to the operator's command-and-control server, behavior that strongly indicates an espionage campaign.
The malware responsible is a variant of AhMyth, an open-source Android remote access trojan (RAT). A RAT gives whoever controls it remote access to the victim's phone: the ability to read data stored on the device and to issue commands to it. ESET, which published its findings on its WeLiveSecurity blog, named this customized version “AhRat.” Researchers have not detected AhRat anywhere else, and it remains unclear who controlled this particular iteration.
While the motives behind this attack are still unknown, previous versions of AhMyth have been employed by a cyberespionage group known as Transparent Tribe or APT36.
Transparent Tribe is notorious for utilizing social engineering techniques and targeting government and military organizations in South Asia. However, there is currently no concrete evidence linking this incident to any known advanced persistent threat.
Although the iRecorder app has since been removed from the Google Play store, the exact purpose of the attack remains unknown.
Generally speaking, the purpose behind an app stealing data can range from espionage and surveillance to identity theft and fraud. Malicious actors may gather sensitive information to obtain intellectual property, trade secrets, or classified documents, or they may use stolen personal data for identity theft or fraudulent activities.
Data can also be monetized by selling it to third parties for targeted advertising or market research.
Stolen data can also be used for extortion, where criminals demand payment in exchange for not publishing the sensitive information they took.
In some cases, the motive may simply be to disrupt operations, cause chaos, or damage the reputation of individuals or organizations.
This incident serves as a stark reminder of the potential dangers associated with malware. It reinforces the importance of exercising caution, even when downloading apps from official sources. Users should remain vigilant and adopt preventive measures to safeguard their devices and personal data from such threats.
To protect against similar app-based attacks or malware incidents, here’s what you can do:
- Stick to official app stores: Download apps only from reputable sources like the Google Play store or Apple App Store. Their review processes lower the risk of installing a malicious app, but as iRecorder shows, a clean app can turn malicious through a later update, so this is a first line of defense rather than a guarantee.
- Verify app permissions: Before installing an app, review the permissions it requests, and be cautious if it asks for permissions unrelated to its stated function. Check again after updates, since an update can request permissions the original version did not. Note the limit of this check: a screen recorder has a legitimate reason to use the microphone and storage, so a permission review on its own would not have flagged iRecorder; watch also for behavior the stated function does not need, such as uploading data when you are not using the app.
- Install reliable security software: Equip your Android device with a trusted antivirus or security app. These tools can detect and prevent the installation of malicious apps, providing an extra layer of protection.
- Regularly update apps and operating system: Keep your device’s operating system and all installed apps up to date. Developers frequently release security patches and updates to address vulnerabilities and protect against emerging threats.
- Exercise caution with unknown apps: If an app lacks sufficient reviews, ratings, or a solid reputation, exercise caution before installing it. Research the app and its developer to ensure credibility.
- Read user reviews and ratings: Take the time to read user reviews and ratings for apps before downloading. Pay attention to any reports of suspicious or malicious behavior.
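The permission review above can be scripted against an Android device with adb: `adb shell dumpsys package` prints every installed package together with the permissions it has been granted, and saving that output before and after an update shows what changed. The following is an added example written for this page, not code from the original article or from ESET. The Android permission names are real; the two `dumpsys` snapshots, the package names and the `SENSITIVE_PERMISSIONS` list are constructed for illustration, and the parser assumes the `Package [name] (hash):` and `perm: granted=true|false` layout that recent Android releases print.

```python
import re
from typing import Dict, List, Set

# Permission grants that would let an app do what the trojanized iRecorder
# update did: capture the microphone and read the user's files.
# Illustrative list; extend it for your own threat model.
SENSITIVE_PERMISSIONS = {
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.MANAGE_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_AUDIO",
    "android.permission.READ_MEDIA_IMAGES",
    "android.permission.READ_MEDIA_VIDEO",
}

# `dumpsys package` introduces each app with "Package [name] (hash):" and lists
# each permission as "name: granted=true|false, flags=[...]".
PACKAGE_RE = re.compile(r"^\s*Package \[(?P<pkg>[A-Za-z0-9_.]+)\]")
GRANT_RE = re.compile(r"^\s*(?P<perm>[A-Za-z0-9_.]+): granted=(?P<granted>true|false)")


def parse_granted_permissions(dumpsys_text: str) -> Dict[str, Set[str]]:
    """Map each package in `adb shell dumpsys package` output to its granted permissions."""
    granted: Dict[str, Set[str]] = {}
    current = None
    for line in dumpsys_text.splitlines():
        pkg_match = PACKAGE_RE.match(line)
        if pkg_match:
            current = pkg_match.group("pkg")
            granted.setdefault(current, set())
            continue
        grant_match = GRANT_RE.match(line)
        if grant_match and current is not None and grant_match.group("granted") == "true":
            granted[current].add(grant_match.group("perm"))
    return granted


def flag_sensitive(granted: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Packages holding any permission from SENSITIVE_PERMISSIONS, for a one-off review."""
    return {
        pkg: sorted(perms & SENSITIVE_PERMISSIONS)
        for pkg, perms in granted.items()
        if perms & SENSITIVE_PERMISSIONS
    }


def newly_granted_sensitive(before_text: str, after_text: str) -> Dict[str, List[str]]:
    """Sensitive permissions granted in the 'after' snapshot that were absent before.

    A package missing from the 'before' snapshot counts as newly installed, so
    every sensitive grant it holds is reported.
    """
    before = parse_granted_permissions(before_text)
    after = parse_granted_permissions(after_text)
    report: Dict[str, List[str]] = {}
    for pkg, perms in after.items():
        new = (perms - before.get(pkg, set())) & SENSITIVE_PERMISSIONS
        if new:
            report[pkg] = sorted(new)
    return report


# Constructed sample snapshots, not real device output: a screen recorder that
# legitimately holds RECORD_AUDIO, and a notes app with only INTERNET.
SNAPSHOT_BEFORE = """\
Packages:
  Package [com.example.screenrecorder] (1a2b3c4):
    userId=10231
    requested permissions:
      android.permission.INTERNET
      android.permission.FOREGROUND_SERVICE
      android.permission.RECORD_AUDIO
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.FOREGROUND_SERVICE: granted=true
    User 0: ceDataInode=0 installed=true hidden=false
      runtime permissions:
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
  Package [com.example.notes] (5d6e7f8):
    userId=10232
    install permissions:
      android.permission.INTERNET: granted=true
"""

# After an update the recorder also holds storage access; a refused location
# request (granted=false) must not be reported.
SNAPSHOT_AFTER = """\
Packages:
  Package [com.example.screenrecorder] (9a8b7c6):
    userId=10231
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.FOREGROUND_SERVICE: granted=true
    User 0: ceDataInode=0 installed=true hidden=false
      runtime permissions:
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
        android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET]
        android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET]
  Package [com.example.notes] (5d6e7f8):
    userId=10232
    install permissions:
      android.permission.INTERNET: granted=true
"""

if __name__ == "__main__":
    for pkg, perms in newly_granted_sensitive(SNAPSHOT_BEFORE, SNAPSHOT_AFTER).items():
        print(f"{pkg}: newly granted {', '.join(perms)}")
```

To use it against a real device, run `adb shell dumpsys package > before.txt` before accepting an app update and again afterwards (or `adb shell dumpsys package <package-name>` for a single app), then feed the two files to `newly_granted_sensitive`. The diff is the useful signal here: `flag_sensitive` alone would list every recorder, camera and messaging app on the phone, which is exactly why the microphone grant did not make iRecorder stand out, whereas a permission that appears only after an update deserves a closer look.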
By following these preventive measures, the risk of falling victim to similar app-based attacks or malware incidents can be significantly reduced. The importance of cybersecurity awareness and proactive protection cannot be overstated in today’s digital landscape.