Threat Alert:

"iRecorder – Screen Recorder" with more than 50,000 installs Google Play store since its 2021nfall 2021 launch was an app considered to be harmless... at first.

Malware, at some point during a subsequent update, was introduced and the app became a threat to the Android users who had previously downloaded it.

With that said, here's what you should know:

1. The Update Added Malicious Code

The code extracts microphone recordings, searches for and then steals files with specific extension. Targeting specific file extensions is often an indicator of espionage type campaigns.

2. The Malicious Code is a RAT

This RAT or remote access Trojan is a malware known as AhMyth, that accesses a victim's phone data and sends the data to the attackers allowing them to do what they want with the data or to the compromised devices.

3. The App has been pulled from the Google Play Store

It's been pulled from Google Play, but I am advising you to check your downloaded apps and delete the app if found. Currently, this RAT is not being detected in the wild.

4. Before Updating Apps

Check the App's Google Play page and familiarize yourself with the permissions the app requires. This once legitimate app was compromised and would have asked for additional permissions beyond what the app creators have listed.