ESET researchers found that a previously safe app called iRecorder was turned into obvious malware with a malicious software update that Google Play missed entirely.
Over fifty thousand users downloaded the software application before it was removed from the online store after tests showed it recorded users’ audio without authorization.
Google Play Is Caught With Cybersecurity Scandal Yet Again
On May 23rd, ESET researchers publicly reported the detection of iRecorder, a malicious Android screen and audio recording application, on the online app store.
According to the ESET report, iRecorder officially debuted in the Google Play Store on September 19th, 2021, and gathered over 50,000 downloads thanks to its ability to record screen and audio seamlessly.
The app was initially built without any form of malicious functionality.
However, after an update to version 1.3.8, made available for download in August 2022, iRecorder began exhibiting malicious behavior.
The malicious functionality involves recording audio from the device's microphone and extracting it without prior authorization.
The malicious app provides video recording functionality, so it is expected to ask for permission to record audio and store it on the device. It behaves as a standard app without any special permission requests that might reveal its malicious intentions. 3/5 pic.twitter.com/sLViHwpkpq
— ESET Research (@ESETresearch) May 23, 2023
There was also a report of theft of files with specific extensions, which potentially signals a link to an espionage campaign or cyberattack group.
Google Inc. has grown to become one of the biggest and most popular technology and telecommunication companies due to its spate of utility-driven innovations.
These innovations include a search engine, a mobile operating system, an app store, and new generative artificial intelligence (AI) products.
The Google app store enables developers to upload efficient software apps for users to easily select and download their favorites.
However, concerns have been raised over the app store’s security due to easy breaches by hackers and the integration of undetected malicious applications.
With iRecorder being the latest cybersecurity issue, it appears there’s a need for more functional security infrastructures to protect users from being potential victims.
ESET Insights on Malicious Applications
ESET is a group of software application developers and cybersecurity experts that acts as a Google App Defense Alliance partner.
The group detected the iRecorder microphone-snooping malware, named it AhRat, and discovered that it was based on a common malware package called AhMyth.
ESET emphasized how uncommon it is for developers to upload a versatile and legitimate software application to Google’s online store and then wait nearly a year to update it with malicious code.
The code integrated into the upgraded version of iRecorder is based on the open-source AhMyth Android RAT (remote access trojan), and the Google App Defense Alliance partner has dubbed this variant AhRat.
Applications built like iRecorder can record surrounding audio from the device's microphone and upload it to the developer's command and control (C&C) server.
The app can also exfiltrate files from the device with extensions representing saved web pages, videos, audio, images, document files, and file formats used for compressing multiple files.
Interestingly, AhRat’s config file contains more commands than AhRat is capable of executing, as some malicious functions are not implemented, which may indicate it is a lightweight version. Despite this, AhRat is still capable of recording audio and exfiltrating files. 4/5 pic.twitter.com/3fmWB1EV6d
— ESET Research (@ESETresearch) May 23, 2023
While this may sound basic, the potential for harm is limitless.
Users of such applications are potential victims of credit card scams, identity theft, digital account access, blackmail, impersonation, and much more.
Although there are rumors about an alleged iRecorder connection to a much bigger cyberattack group or espionage, ESET has yet to attribute the software application to any malicious group.
The app’s malicious behavior potentially indicates its involvement in an espionage campaign. However, we cannot attribute it to any APT group. Besides this one case, we have not detected AhRat anywhere else in the wild. After our alert, the app was removed from Google Play. 5/5
— ESET Research (@ESETresearch) May 23, 2023
Instead, the Google App Defense Alliance partner identified the newly upgraded version as malicious and shared its tests and data discovery with Google.
After verification, iRecorder was removed from the online app store.
What Is the Next Move?
Once again, ESET has proven to be a functional defense partner of Google’s app store.
However, too much reliance on these 3rd parties may be a detrimental bargain due to the spate of software applications debuting in the app store.
To keep users safe from the increased risk of cyberattacks and of malicious code being integrated into applications, Google must incorporate stronger security measures and firewalls that verify developers, applications, and updates before they are uploaded.
The online app store must likewise record developers' details and their applications, similar to the Know-Your-Customer verification used in the finance world to combat money laundering.
In case of any breach, there will then be a database from which to identify the perpetrators.