Popular Android Screen Recorder iRecorder App Revealed as Trojan

According to ESET, iRecorder was infected with a variant of AhMyth, which is an open-source remote administration tool capable of extracting sensitive data from Android devices.

The iRecorder app has been removed from the Google Play Store, but it is still available on third-party app stores, so be careful!

iRecorder – Screen Recorder, a once legitimate Android application, has now been found to harbour a dangerous Android remote access Trojan (RAT). Cybersecurity experts from ESET made this discovery, uncovering a variant of AhMyth, an open-source remote administration tool capable of extracting sensitive data from Android devices.

Initially launched in September 2021 and boasting over 50,000 installs, iRecorder – Screen Recorder appeared to be a harmless screen-recording app. However, the latest analysis by ESET has revealed the presence of a malicious code, referred to as AhRat by the researchers, within the app’s recent update to version 1.3.8 in August 2022.

Popular Android Screen Recorder iRecorder App Revealed as Trojan
The malicious iRecorder app (Credit: ESET)

The AhRat Trojan enables unauthorized access to Android devices, allowing the perpetrator to exfiltrate files with specific extensions and capture microphone recordings. These compromised data are then uploaded to a command and control (C2) server under the attacker’s control. ESET’s report suggests that such targeted actions could indicate the app’s involvement in an espionage campaign, though it is yet to be attributed to a specific group.

AhMyth, the base RAT on which AhRat is built, has previously been associated with Transparent Tribe, a cyber espionage group known as APT36. Transparent Tribe has a reputation for utilizing social engineering techniques and focusing on government and military organizations in South Asia. However, the researchers caution against directly linking the current samples to any known advanced persistent threat (APT) group.

Once informed by ESET, the Google Play security team promptly removed the iRecorder – Screen Recorder app from its official store. It is worth noting, however, that the application may still be available on unofficial Android markets. The developer behind iRecorder has other applications listed on Google Play, but there is no evidence of malicious code in those applications.

Fortunately, ESET researchers have not detected instances of AhRat beyond the scope of the iRecorder – Screen Recorder app at present. Nevertheless, Android users are advised to remain vigilant and exercise caution while downloading apps from alternative sources, emphasizing the importance of relying on official app stores for enhanced security.

As the digital landscape continues to evolve, this incident serves as a stark reminder that what may seem useful today can quickly turn into a potential threat tomorrow. Users must prioritize their digital safety by staying informed and adopting proactive measures to safeguard their devices and personal information from such malicious attacks.

  1. 23 Android apps leaked data of 100 million users
  2. Android apps on APKPure store spreading malware
  3. Android App Trojans Sold on Dark Web for $25-$20k
  4. 170 scam Android apps scamming crypto enthusiasts
  5. Fake Cyberpunk 2077 Android App Drop Ransomware
Related Posts