Google recently removed a screen recording app called iRecorder. Researchers discovered that the app contained a malicious program that could secretly record users’ mobile phone environments and steal their archives!!
An Android screen recording app called iRecorder has recently caught the attention of security experts. They discovered that the app contained a malicious program called AhRat, which secretly recorded users’ mobile phones and stole their files. The app has been available on Google Play since September 2021, but after a certain version in August 2022, it was implanted with the malicious program.
The iRecorder app, which includes AhRat, not only legally records the screen, but also accesses the user’s microphone, records the sound of the surrounding environment, and uploads it to the attacker’s server. It is also able to transmit web pages, images, videos, files, and compressed files stored on the user’s phone to the attacker through specific file names. The researchers believe this was part of a massive espionage operation, but they have not yet determined which group the AhRat Trojan is associated with.
Google has removed the iRecorder app from Google Play because it was found to contain malicious programs. Security researchers have found only one infected example, but the AhRat Trojan has affected a number of other apps long ago, including a broadcast streaming app in 2019. The app’s developers have not responded as to why iRecorder contained the trojan and was not discovered. However, the researchers noted that other apps offered by the developer did not contain malicious code.