Google Didn't Notice Safe App Turning Into Malware That Records User Audio

ESET researchers found that a previously safe app called iRecorder was turned into obvious malware with a malicious software update that Google Play missed entirely.

Over fifty thousand users downloaded the software application before it was removed from the online store after tests showed it recorded users’ audio without authorization.

Google Play Caught in a Cybersecurity Scandal Yet Again

On May 23rd, ESET researchers released a public statement on their detection of iRecorder, a malicious Android screen and audio recording application, on the online app store.

According to the ESET report, iRecorder officially debuted in the Google Play Store on September 19th, 2021, and gathered over 50,000 downloads thanks to its ability to record screen and audio seamlessly.

The app was initially built without any form of malicious functionality.

However, after the update to version 1.3.8, made available for download in August 2022, iRecorder began exhibiting malicious behavior.

The application’s malicious functionality involves extracting microphone audio recordings without prior authorization.

There was also a report of theft of files with specific extensions, which potentially signals a connection to an espionage campaign or cyberattack group.

Google Inc. has grown to become one of the biggest and most popular technology and telecommunication companies due to its spate of utility-driven innovations.

These innovations include a search engine, a mobile operating system, an app store, and new generative artificial intelligence (AI) products.

The Google app store enables developers to upload efficient software apps for users to easily select and download their favorites.

However, concerns have been raised over the app store’s security due to easy breaches by hackers and the integration of undetected malicious applications.

With iRecorder being the latest cybersecurity issue, it appears there’s a need for more effective security infrastructure to protect users from becoming victims.

ESET Insights on Malicious Applications

ESET is a group of software application developers and cybersecurity experts that acts as a Google App Defense Alliance partner.

The revered group detected iRecorder’s microphone snooping, named the malware AhRat, and discovered that it was based on a common malware package called AhMyth.

ESET emphasized how uncommon it is for developers to upload a versatile and legitimate software application to Google’s online store and then wait nearly a year to update it with malicious code.

The code integrated into iRecorder’s updated version is based on the open-source AhMyth Android RAT (remote access trojan), and Google’s App Defense Alliance partner has now dubbed it AhRat.

Applications built like iRecorder can record surrounding audio from the device’s microphone and upload the data to the developer’s command and control (C&C) server.

The app can also exfiltrate files from the device with extensions representing saved web pages, videos, audio, images, documents, and the file formats used for compressing multiple files.

While this may sound basic, the potential for harm is limitless.

Users of such applications are potential victims of credit card scams, identity theft, digital account access, blackmail, impersonation, and much more.

Although there are rumors about an alleged iRecorder connection to a much bigger cyberattack group or espionage campaign, ESET has yet to attribute the software application to any malicious group.

Instead, the Google App Defense Alliance partner identified the newly updated version as malicious and shared its test results and findings with Google.

After verification, iRecorder was removed from the online app store.


What Is the Next Move?

Once again, ESET has proven to be a functional defense partner of Google’s app store.

However, too much reliance on such third parties may prove detrimental, given the spate of software applications debuting in the app store.


To keep users safe from the increased risks of cyberattacks and the integration of malicious code in applications, Google must incorporate stronger security measures and firewalls that verify developers and applications (and updates) before they are uploaded.

The online app store must also record developers’ details and their applications, similar to the Know-Your-Customer verification used in the finance world to combat money laundering.

In case of any breach, there will be a database from which to identify the perpetrators.
