
Both apps were linked to ‘SecurITY Industry.’ The apps request permissions for accessing contacts and location data.

As per the research, attackers are moving away from phishing email attacks and are now favoring spear messages through platforms such as Telegram or WhatsApp to trick users into downloading spurious apps. The malicious apps were tracked to the India-based hacking group “DoNot.” Cyfirma says these apps could prepare devices for more severe malware attacks.

Malware Detected on Android Platforms, Disguised as Security and VPN Apps

Another cybersecurity firm, Cyfirma, found that the nSure Chat and iKHfaa VPN apps on Google’s Play Store were used maliciously by threat actors for information collection from targeted devices. However, the company could not link the malware to a specific organization. The malicious app was removed from the Play Store following ESET’s alert. It could also send files such as saved web pages, compressed files, audio, video, and documents stored on the device. While the code is not currently found in other Play Store apps, it is not the first time it has infiltrated the official app store.

Apart from its intended screen recording functionality, the malware recorded surrounding audio from the device’s microphone and sent it to the attacker’s servers. The code is based on AhMyth Android RAT (remote access trojan). The malicious code was added to the clean version of the IRecorder app and was used to steal video and audio files from the users’ devices. According to ESET, the malware was likely added to the app during an update. The app, known as IRecorder, has been downloaded 50,000 times so far and has been available as a legit app since September 2021.

Researchers from cybersecurity company ESET detected an Android app hiding malicious code on Google’s Play Store.
