Researchers at ESET, a software company specializing in cybersecurity, The iRecorder Screen Recorder Android app developed malicious code after an update in August 2022.
(
As security expert Lukas Stefanko explains on his blog, the app is available on Google Play from September 2021 and its main function was to allow screen recording of Android devices. That system changed eleven months later when they added a new functionality.
With the new version of iRecorder Screen Recorder, it started to record one minute of sound every 15 minutes. According to Stefanko, these surround sounds received from the device’s microphone began to be uploaded to the attacker’s command and control server.
“It can also filter files with extensions that represent recorded web pages, images, audio, video and document files, and file formats used to compress various files from the device,” the expert detailed on the “We Live Security” blog.
(Keep reading: SSD storage for computers: SATA or NVMe?).
Although the app cannot be associated with any malicious group, the researchers suggested that it could be a spying campaign, and stated that the functions include extracting microphone recordings and stealing files from certain extensions.
Analysis of the study revealed that iRecorder has two versions of malicious code in its system based on AhMyth RAT, a type of malware that can remotely control an infected device. The first remained unchanged, the second customized the code and communication between the C&C server and the backdoor.
Lukas Stefanko states that AhMyth RAT is “a powerful tool that can perform various malicious functions, including extracting call logs, contacts and text messages, getting a list of files on the device, tracking device location, sending SMS messages, saving.” sound and photographing”.
ESET experts notified Google after finding malicious code in the app.
(Interesting: These are the top-buy mid-range cell phones in Colombia: What’s up?).
The tech giant responded to the company’s warning and as a result removed iRecorder Screen Recorder from the online store. However, this does not mean that it cannot be found on unofficial sites. If you still installed the app by these means, it is recommended to uninstall it.
So far, analysts have found no trace of this malicious code in other Google Play apps supported by iRecorder’s developer. Although this does not guarantee that they will not be able to in the future.
The discovery by ESET experts revealed that a legitimate app could become malicious within months. In Android 11 and above, hibernation is one strategy for such malicious actions.
American teenager killed his family because he thought they were cannibals
Anger at porn video in gym and public park in Madrid, Cundinamarca
They accuse a neighbor of using a Pablo Escobar sticker on WhatsApp: this could happen to him
VALERIA CASTRO VALENCIA
DIGITAL SCOPE WRITING
TIME
Source: Exame
