This type of malware has a bad history.
Hidden surveillance
An Android app that was supposed to be used for screen recording was caught secretly recording audio and sending it off to a dark place, but the story of the fiasco runs deeper.
According to the blog WeLiveSecurity, the app, called "iRecorder - Screen Recorder", has been installed more than 50,000 times from the Google Play Store since its launch in fall 2021, and it appeared to be a normal, harmless app.
However, in a later update, the app was "turned into a Trojan horse" with malware, according to security software company ESET, which owns WeLiveSecurity.
“Initially, there were no malicious features in the iRecorder app,” the blog post reads. "The unusual thing is that the app received an update with malicious code a few months after it was launched."
And readers, this is even stranger: "The specific malicious behavior of the application, which includes extracting recordings from the microphone and stealing files with certain extensions, may indicate its involvement in an espionage campaign."
Oh mice!
ESET notes that this strange behavior comes from a type of "Remote Access Trojan" malware, suggestively abbreviated RAT, known as AhMyth, which has hit the Google Play Store more than once. As the RAT alias suggests, this type of malware is used to remotely access data on victims' phones and send it to third parties, who can do whatever they want with the stolen data or infected devices.
WeLiveSecurity called the latest version of AhMyth "AhRat" and said that aside from the iRecorder app, which has now been removed from Google Play, its researchers haven't found the malware "anywhere else."
While it's unclear who or what is in control of this latest version of AhMyth, the blog noted that previous versions were used for some very strange things.
WeLiveSecurity, the ESET-backed blog, explained that "AhMyth's open source code was previously used by Transparent Tribe, also known as APT36, a cyberespionage group known for its extensive use of social engineering techniques and targeting of South Asian government and military organizations." The blog does not know who was behind the attack, and it has no evidence that it is linked to a "known advanced persistent threat".
As common as malware is, the story of AhMyth, and the potential for this version to be used for ulterior purposes, is a reminder of how dangerous things like this really are, and it should concern everyone. Be careful even with the official app stores.