ESET research uncovered Android apps that initially had no malicious features, but months later turned into spying tools
This week, ESET malware researcher Lukas Stefanko revealed how an originally legitimate Android app turned into a malicious trojan that can steal user files and record the surrounding audio from the device’s microphone and then extract it. An app called iRecorder – Screen Recorder, was first listed on the Google Play Store in September 2021, with the malicious code added almost a year later. ESET research named the malware AhRat and it is a customization of the open-source AhMyth remote access trojan (RAT). The app was downloaded more than 50,000 times before it was detected by ESET and removed from the Android store by Google.
For a technical report, go to our blogpost: Android apps are terrible: From legal screen recording to file exfiltration in a year