Security News > 2023 > May > Data Stealing Malware Discovered in Popular Android Screen Recorder App
Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app.
The app, which accrued over 50,000 installations, was first uploaded on September 19, 2021.
"The malicious code that was added to the clean version of iRecorder is based on the open source AhMyth Android RAT and has been customized into what we named AhRat."
iRecorder was first flagged as harboring the AhMyth trojan on October 28, 2022, by Kaspersky security analyst Igor Golovin, indicating that the app managed to stay accessible all this time and even received a new update as recently as February 26, 2023.
iRecorder is the work of a developer named Coffeeholic Dev, who has also released several other apps over the years.
This development is just the latest example of malware adopting a technique called versioning, which refers to uploading a clean version of the app to the Play Store to build trust among users and then adding malicious code at a later stage via app updates, in a bid to slip through the app review process.
News URL
https://thehackernews.com/2023/05/data-stealing-malware-discovered-in.html
Related news
- New FireScam Android malware poses as RuStore app to steal data (source)
- New FireScam Android data-theft malware poses as Telegram Premium app (source)
- FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices (source)
- DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)