Security News > 2023 > May > Data Stealing Malware Discovered in Popular Android Screen Recorder App

Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app.

The app, which accrued over 50,000 installations, was first uploaded on September 19, 2021.

"The malicious code that was added to the clean version of iRecorder is based on the open source AhMyth Android RAT and has been customized into what we named AhRat."

iRecorder was first flagged as harboring the AhMyth trojan on October 28, 2022, by Kaspersky security analyst Igor Golovin, indicating that the app managed to stay accessible all this time and even received a new update as recently as February 26, 2023.

iRecorder is the work of a developer named Coffeeholic Dev, who has also released several other apps over the years.

This development is just the latest example of malware adopting a technique called versioning, which refers to uploading a clean version of the app to the Play Store to build trust among users and then adding malicious code at a later stage via app updates, in a bid to slip through the app review process.

News URL

https://thehackernews.com/2023/05/data-stealing-malware-discovered-in.html