The discovery of a seemingly harmless Android app named “iRecorder – Screen Recorder” that secretly recorded audio and engaged in suspicious activities has uncovered a deeper story.
According to security software firm ESET, which owns the WeLiveSecurity blog, the iRecorder app was innocuous before the introduction of the harmful update. The blog post states, “Initially, the iRecorder app did not have any harmful features. However, what is quite uncommon is that the application received an update containing malicious code quite a few months after its launch.” This revelation raises questions about the motives behind the app’s initial release and subsequent update.
The situation becomes even more peculiar as the app’s malicious behavior involves extracting microphone recordings and stealing files with specific extensions, suggesting its involvement in an espionage campaign. ESET identifies the malware responsible for the app’s transformation as AhMyth, a remote access trojan.
AhMyth has previously plagued the Google Play store on multiple occasions, signifying the seriousness of the issue. As the name suggests, this type of malware grants remote access to victims’ phone data, which can be used nefariously by outside developers or compromise the security of infected devices.
The latest variant of AhMyth, named “AhRat” by WeLiveSecurity, appears to be exclusive to the iRecorder app, which has now been removed from Google Play. ESET’s researchers have not detected this malware elsewhere in the wild. While the perpetrators behind this version of AhMyth remain unidentified, past iterations have been associated with the cyberespionage group Transparent Tribe, also known as APT36.
Transparent Tribe is notorious for utilizing social engineering techniques and targeting government and military organizations in South Asia. However, it is crucial to note that there is currently no evidence linking this attack to any known advanced persistent threat.
The discovery of the iRecorder app’s hidden malicious activities highlights the importance of exercising caution, even when downloading apps from official stores. It is a stark reminder that malware can lurk in unexpected places, compromising the security and privacy of users. Vigilance and adherence to best practices in digital security are essential in the face of evolving threats.
