Security

Popular Android App Found To Start Audio Recording and Send Data to Hackers Every 15 Minutes

recording on phone icon

Security researchers are warning that a popular Android app has turned malicious and started sending audio recordings to the attackers every 15 minutes. And no, this is not like TikTok tracking or Facebook tracking but actual spying and sending off files. That’s the worst part: the malware code in it could also be used to extract files, messages and other critical information.

How?

Sometime in the last year, the popular Android app called iRecorder, designed to let you record and share your Android screen, had an update that added malicious functionality.

That update let iRecorder turn on a phone’s microphone and start recording sound. Then, every 15 minutes, it started sending those recordings to an unknown attacker.

At the time of the investigation, the iRecorder app had more than 50,000 downloads from the Google Play store. The malicious update used code from AhMyth, an open source RAT (remote access Trojan), and made the phone start sending one minute of audio, every 15 minutes, to a C&C (command & control center, the term security researchers use for the device controlled by the attacker).

The attack was discovered by security company ESET.

From their report:

“During our analysis, we identified two versions of malicious code based on AhMyth RAT. The first malicious version of iRecorder contained parts of AhMyth RAT’s malicious code, copied without any modifications. The second malicious version, which we named AhRat, was also available on Google Play, and its AhMyth code was customized, including the code and communication between the C&C server and the backdoor. By the time of this publication, we have not observed AhRat in any other Google Play app or elsewhere in the wild, iRecorder being the only app that has contained this customized code.

“AhMyth RAT is a potent tool, capable of various malicious functions, including exfiltrating call logs, contacts, and text messages, obtaining a list of files on the device, tracking the device location, sending SMS messages, recording audio, and taking pictures. However, we observed only a limited set of malicious features derived from the original AhMyth RAT in both versions analyzed here. These functionalities appeared to fit within the already defined app permissions model, which grants access to files on the device and permits recording of audio. Notably, the malicious app provided video recording functionality, so it was expected to ask for permission to record audio and store it on the device, as shown in Figure 2. Upon installation of the malicious app, it behaved as a standard app without any special extra permission requests that might have revealed its malicious intentions.”

As you can see, what seemed to be a regular Android app became malware and, unfortunately, users had no way of knowing it.

Fortunately, there are some ways to protect yourself from future apps spying on you.

How to stop apps spying on you

Android 11 and higher versions have a nifty feature called “app hibernation”, which can protect you from most apps running in the background and doing nefarious things. Thanks to this, ArsTechnica explains that apps that you switched away from and haven’t been used recently are put into hibernation. This hibernation mode removes their previously granted runtime permission. This way, an app that lets you record your screen or audio can’t do the same thing if it’s unused in the background.

Also read: How to Prove You Didn’t Use ChatGPT: One Simple Trick to Avoid ChatGPT Plagiarism Accusations

How to know if your phone microphone or camera is on

Ever since Android 12, if your camera is in use, you get a discreet notification.

You can check if your phone camera is active by looking on the right side of the status bar at the top of your screen.

The same goes if you want to check if your phone microphone is on. Look for a green dot or indicator in the status bar and you’ll know if something is accessing your phone camera or microphone.

If you tap on that, you’ll see which app is accessing your camera or microphone, and you can go to the app permission page in Settings to stop it from doing so. 

Also read: Worse Than Malware: 5 Ecuadorian Journalists Were Attacked with Exploding USB Sticks

Follow TechTheLead on Google News to get the news first.

Subscribe to our website and stay in touch with the latest news in technology.

Must Read

Are you looking for the latest innovations in tech? You're in the right place, just subscribe to our RSS feed


Techthelead Romania     Comedy Store

Copyright © 2016 - 2023 - TechTheLead.com SRL

To Top