Week in security with Tony Anscombe: The transformation of a harmless app into a Trojan

An Android app, iRecorder – Screen Recorder, developed by an unknown developer, initially appeared to be a legitimate way for users to record their smartphone screens. However, security researchers from ESET have discovered that over time the app morphed into a malicious trojan capable of spying on users. The app contained malicious code that could secretly give hackers access to the user’s device, allowing them to steal files and data, record audio from the device’s microphone, and exfiltrate the information. ESET researchers have named this new malware AhRat; it is based on the open-source AhMyth remote access Trojan (RAT).

According to ESET research, iRecorder – Screen Recorder was listed on the Google Play Store in September 2021 and had been downloaded more than 50,000 times. However, the malicious code was not added until almost a year later, and Google removed the app from its store promptly after ESET’s discovery.

This is not the first time that a seemingly legitimate app has been found to contain malicious code, and experts warn that users should be cautious when downloading applications, even from well-known app stores. Researchers suggest that users read app reviews before downloading an app and ensure they have reputable anti-virus and security software installed on their device.

“This is a good example of how cyber-criminals can misuse open-source code. We always recommend users should verify an app before installing it, even if it’s listed on a well-known app store,” says Stefanko. “Furthermore, if an app’s behavior changes over time, it could be a sign that the developer has something malicious planned for the future. Users should keep an eye out for any changes in their device’s behavior and update all their apps regularly.”

AhRat, the malware discovered within the iRecorder – Screen Recorder app, is a Remote Access Trojan (RAT) that allows hackers to take control of the compromised device, steal sensitive data such as keystrokes, record audio and video, and monitor user activity. AhRat is based on the AhMyth RAT, developed by an Algerian-based amateur developer. In this case, however, the developers put extra effort into customizing the RAT, which makes it difficult for standard anti-virus software to recognize.

ESET suggests that the AhRat malware can be removed by installing an anti-malware application like ESET Mobile Security. This app can scan your device for malware, remove security threats, and protect against future threats by automatically updating your security software.

Google recommends that users install apps they can trust. Also, always check app permission requests carefully, and if you have any doubts, do not download the app.

The iRecorder – Screen Recorder is just one example of the many malicious apps that hackers create to target unsuspecting smartphone users. It is essential to take the necessary steps to protect yourself from such threats. Be an informed user and consider investing in reputable anti-virus software to help keep your device, and your personal information, safe.
