New AhRat Android malware hidden in app with 50,000 installs


Level 15
Thread author
Top Poster
Mar 13, 2022
ESET malware researchers found a new remote access trojan (RAT) on the Google Play Store, hidden in an Android screen recording app with tens of thousands of installs.

While first added to the store in September 2021, the 'iRecorder - Screen Recorder' app was likely trojanized via a malicious update released almost a year later, in August 2022.

The app's name made it easier to ask permission to record audio and access files on the infected devices since the request matched the expected capabilities of a screen recording tool.

Before its removal, the app amassed over 50,000 installations on the Google Play Store, exposing users to malware infections.

"Following our notification regarding iRecorder's malicious behavior, the Google Play security team removed it from the store," ESET malware researcher Lukas Stefanko said.

"However, it is important to note that the app can also be found on alternative and unofficial Android markets. The iRecorder developer also provides other applications on Google Play, but they don't contain malicious code."

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.