How an innocuous app morphed into a trojan – Week in security with Tony Anscombe

Cyber Security

ESET research uncovers an Android app that initially had no harmful features but months later turned into a spying tool

This week, ESET malware researcher Lukas Stefanko revealed how an initially legitimate Android app morphed into a malicious trojan that could steal users’ files and record surrounding audio from the device’s microphone and then exfiltrate it. The app, named iRecorder – Screen Recorder, was first listed in the Google Play Store in September 2021, with the malicious code added almost a year later. ESET research named the malware AhRat and it is a customization of the open-source AhMyth remote access trojan (RAT). The app was downloaded 50,000-plus times before it was detected by ESET and removed from the Android store by Google.

For a technical writeup, head over to our blogpost: Android app breaking bad: From legitimate screen recording to file exfiltration within a year

Connect with us on FacebookTwitterLinkedIn and Instagram.

Products You May Like

Articles You May Like

CISA Urges Immediate Credential Reset After Sisense Breach
Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts
‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan
Rhadamanthys Malware Deployed By TA547 Against German Targets
Python’s PyPI Reveals Its Secrets

Leave a Reply

Your email address will not be published. Required fields are marked *