Provenance Emulator Set to Hit App Store with SEGA, PlayStation Support
Provenance, a versatile multi-system emulator, is gearing up for a debut on the Apple App Store, hot on the heels of Apple's recent rule adjustments.
Popular Android App Secretly Records and Sends Mic Recordings
A seemingly legitimate Android app available on Google Play, with over 50,000 downloads, has been discovered to engage in malicious activity.
According to cybersecurity firm ESET, the app, named iRecorder Screen Recorder, secretly records audio every 15 minutes and transmits it to the app developer (via ArsTechnica).
Initially, iRecorder Screen Recorder served as a benign app that allowed users to capture screen recordings on their Android devices. However, after 11 months, an update transformed the app into a covert audio spyware.
The new functionality enabled the app to remotely activate the device microphone, record sound, connect to a server controlled by attackers, and upload sensitive audio files.
ESET researcher Lukas Stefanko conducted thorough testing by repeatedly installing the app on devices in a controlled environment.
Each time, the app followed the same pattern: it received instructions to record one minute of audio and transmit it to the attacker’s command-and-control server, also known as a C&C or C2. Subsequently, the app would receive the same instruction every 15 minutes indefinitely.
Stefanko emphasized the persistence of the app’s malicious behavior:
“During my analysis, AhRat was actively capable of exfiltrating data and recording microphone. It happened constantly in my case, since it was conditional to commands that were received in the config file.
Config was received every 15 minutes, and record duration was set to 1 minute. During analysis, my device always received commands to record and send mic audio to C2. It occurred 3-4 times, then I stopped the malware.”
According to Stefanko, the first version of iRecorder to include the malicious functionality was 1.3.8, which became available in August 2022.
While malware disguised within apps on Google Play is not uncommon, the extent of this app’s malicious activity sets it apart. Stefanko believes the iRecorder might be part of an ongoing espionage campaign.
The iRecorder app has now been removed from Google Play.
P.S. Help support us and independent media here: Buy us a beer, Buy us a coffee, or use our Amazon link to shop.
Other articles in the category: News
New 12.9-inch iPad Air Said to Feature Pro-Level Display Technology
Display analyst Ross Young has confirmed the upcoming new 12.9-inch iPad Air will boast the same display technology as the 12.9-inch iPad Pro.
Alleged HomePod Display Component Surfaces Online
A purported image of a Apple's next-gen HomePod's display component has surfaced online, courtesy of Kosutami, a known source for Apple leaks.