Technology News
  • Home
  • Apps
  • Apps News
  • Google Removes Android Screen Recording App Found Spying on Users With Remote Access Trojan

Google Removes Android Screen Recording App Found Spying on Users With Remote Access Trojan

The iRecorder app is capable of recording and sharing audio with the attacker and exfiltrating files with extensions for images, audio, and video.

Written by David Delima, Edited by Siddharth Suvarna | Updated: 25 May 2023 11:41 IST
Google Removes Android Screen Recording App Found Spying on Users With Remote Access Trojan

Photo Credit: Pexels/ Sora Shizamaki

AhRat is a customization of the open-source AhMyth remote access trojan (RAT)

Highlights
  • Google has removed the iRecorder screen recording app from the Play Store
  • ESET researchers have dubbed the newly discovered trojan AhRat
  • Users will have to manually remove the infected app from their devices
Advertisement

Google recently removed a trojan-infected Android app, that was installed on over 50,000 devices, from the Play Store. According to the security firm that detected the trojan, the app was first uploaded by the developer in 2021 and then infected with malicious code a year later. The app was also capable of extracting and uploading users' files by detecting extensions for audio, video, and web pages. While the app has been removed from the Play Store, users who downloaded it will have to manually remove the app from their devices.

According to a report published by ESET researchers, the iRecorder app was uploaded to the Play Store for the first time in September 2019, without any malicious functionality. Nearly a year later, the app was infected with the open-source AhMyth Android RAT (remote access trojan) in a variant that the researchers dubbed AhRat. Users who updated the app, or downloaded it for the first time since August 2022 would have the infected app on their device.

irecorder app trojan screenshot eset irecorder malware trojan

The iRecorder app had over 50,000 downloads on the Google Play store
Photo Credit: Screenshot/ ESET

 

While the initial version of the app did not have any malicious functionality, ESET states that it was later updated with code that allowed it to engage in malicious behaviour, including recording ambient sound and audio by utilising the phone's mic. These recordings could then be uploaded to the attacker's command-and-control (C&C) server. The app was also capable of extracting files with specific extensions, such as video, audio, images, web pages, documents, and compressed files.

ESET's researchers explain that the AhMyth RAT is a very powerful tool that can exfiltrate text messages, call logs, and contacts on a user's phone while recording audio, capturing images, tracking the device's location, and generating a list of all the files on the smartphone. 

The app's behaviour suggests that the AhRat trojan could be used as part of an espionage campaign, according to the researchers, who were unable to attribute it to any advanced persistent threat (APT) group. Meanwhile, ESET says that the original open-source AhMyth RAT was previously used by cyberespionage group APT36 — commonly known as Transparent Tribe — to target government and military organisations in South Asia. 

After ESET flagged the malicious code in the iRecorder app to Google, the app was removed from the Google Play store. The app has already been downloaded 50,000 times, according to the listing at the time of its removal. Users who installed or updated the application after it was infected will have to manually uninstall it in order to remove the infected app from their smartphones.

Google I/O 2023 saw the search giant repeatedly tell us that it cares about AI, alongside the launch of its first foldable phone and Pixel-branded tablet. This year, the company is going to supercharge its apps, services, and Android operating system with AI technology. We discuss this and more on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Malware, Android Malware, Trojans, RAT
David Delima
David Delima
As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More
Vivo S17, Vivo S17 Pro Launch Date Set for May 31, Design Teased Ahead of Launch: Report
Facebook Parent Meta Starts Final Round of Layoffs as Part of Plan to Cut 10,000 Roles

Related Stories

Google Removes Android Screen Recording App Found Spying on Users With Remote Access Trojan
Comment
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Vivo Y200i With S50-Megapixel Camera Launched
  2. Why Elon Musk Postponed His India Visit to Later in the Year
  3. Lenovo Might Launch the First Laptop With Snapdragon X Elite: See Images
  4. Xiaomi's HyperOS Is Now Coming to the Redmi Note 13 Series in India
#Latest Stories
  1. Vivo Y200i With Snapdragon 4 Gen 2, 50-Megapixel Rear Camera Launched: Price, Specifications
  2. Apple Offer to Open Up NFC-Based Tap-and-Go Technology Said to Be on Track for EU Approval by May
  3. Google Pixel 9 Pro Spotted in Leaked Hands-On Images Next to iPhone 15 Pro Max
  4. Elon Musk Postpones India Visit Due to 'Very Heavy Tesla Obligations'
  5. Bitcoin ‘Halving’ Software Update Cuts Supply of New Tokens in Threat to Miners
  6. Xiaomi 14 Series 'AI Treasure Chest' With Several AI Tools in Testing, Could Debut This Year: Report
  7. Redmi Note 13 5G Series HyperOS Update Based on Android 14 Begins Rolling Out in India
  8. YouTube Reportedly Rolling Out Support for 8K Resolution Videos on the Meta Quest
  9. Lenovo Yoga Slim 7 (2024) Design Spotted in Leaked Renders; Could Debut as First Snapdragon X Elite Laptop
  10. Samsung Galaxy Z Flip 6 With Snapdragon 8 Gen 3 SoC for Galaxy Allegedly Surfaces on Geekbench
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »