Malware on Android Still Remains at Large as More ‘Legit’ Apps Appear to be Snooping Data and Extracting Files

wccftech.com:

Although Google Play Store is largely free of any issues with its tight security and strict policies, every now and then, an app or two manages to slip through the cracks, and while it might seem harmless at best, you cannot say the same as it ends up doing some sort of damage, and today, we have news of another app that posed as a screen recorder, but underneath all that, there was a lot more that made the app dangerous, including malware.

Thankfully, the app has been removed ever since, but Play Store was home to an app called iRecorder, and the app stayed on the storefront for almost two years before it got removed. Judging by the name, you would assume you are looking at a seemingly harmless app that allows you to record your screen and share it with friends. However, after the 2022 update, a remote-control backdoor was added to the app.

According to the source, this backdoor code was a variant called AhRat, based on AhMyth, which happens to be spyware that has been found in other Android apps hosted on Play Store before, as well. This time around, however, AhMyth was used in the app in question, and the source mentions how the code mentioned to record audio snippets from the device that had the app installed. However, it gets scary. This code was also able to extract files of various formats from within the infected device. Worse still is that this Android malware was hidden so that it would not be easily detected, as the app itself would behave normally with all its functionality intact.

Thankfully, the source has claimed that they have not found the AhMyth, or AhRat, (a lightweight variant) anywhere so far, and the app in question has also been removed from the Google Play Store after it was reported. One thing to