Cybersecurity Researchers Expose ‘Legitimate’ Android App as Malware

The rogue app was listed on Google’s Play Store and has affected user devices since 2021.

June 21, 2023

  • Researchers from ESET, a cybersecurity firm, have revealed an app in Google’s Play Store that maliciously gathered device data from Android users.
  • The app, known as IRecorder, was found to have been downloaded 50,000 times and has been stealing data since 2021.

Researchers from cybersecurity company ESET detected an Android app hiding malicious code on Google’s Play Store. The app, known as IRecorder, has been downloaded 50,000 times so far and has been available as a legitimate app since September 2021. According to ESET, the malware was likely added to the app during an update.

The malicious code was added to the clean version of the IRecorder app and was used to steal video and audio files from the users’ devices. The code is based on AhMyth Android RAT (remote access trojan). While the code is not currently found in other Play Store apps, it is not the first time it has infiltrated the official app store.

Beyond the app’s intended screen recording functionality, the malicious code recorded surrounding audio from the device’s microphone and sent it to the attacker’s servers. It could also send files such as saved web pages, compressed files, audio, video, and documents stored on the device.

The malicious app was removed from the Play Store following ESET’s alert. However, the company could not link the malware to a specific organization.


Malware Detected on Android Platforms, Disguised as Security and VPN Apps

Another cybersecurity firm, Cyfirma, found that the nSure Chat and iKHfaa VPN apps on Google’s Play Store were used maliciously by threat actors for information collection from targeted devices.

The malicious apps were tracked to the India-based hacking group “DoNot.” Cyfirma says these apps could prepare devices for more severe malware attacks. Both apps were linked to ‘SecurITY Industry.’ The apps request permissions for accessing contacts and location data.

According to the research, attackers are moving away from phishing emails and now favor spear messaging through platforms such as Telegram or WhatsApp to trick users into downloading spurious apps.


Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.