Cybersecurity researchers from ESET have uncovered a disturbing revelation concerning an Android screen recording app that has allegedly been spying on users. The app in question, called “iRecorder – Screen Recorder,” managed to accumulate over 50,000 downloads before being removed from the Google Play Store.
According to a report by TechCrunch, the iRecorder app was able to steal microphone recordings and documents from Android devices. ESET researchers found that the app’s malicious code, derived from the AhMyth remote access trojan, allowed it to surreptitiously upload one-minute audio recordings from the device’s microphone every 15 minutes. Additionally, the app had the ability to delete documents, web pages, and media files from the user’s device.
Remote access trojans like AhRat exploit their extensive access to victims’ devices, often facilitating remote control capabilities. These types of trojans function in a similar manner to spyware, enabling unauthorized individuals to monitor and extract sensitive information from the targeted device.
Interestingly, security researcher Lukas Stefanko from ESET noted that when the iRecorder app was initially published on Google Play, it did not exhibit any malicious features. This implies that the app’s genuine aims were concealed, making it harder for users to detect the threat. Unfortunately, by the time the app was deleted from the Play Store, it had already received thousands of downloads, possibly placing thousands of people at risk.
The event serves as a sharp reminder of the need for caution while installing and using apps, especially from seemingly trustworthy sources like the Google Play Store. Before putting any app on their devices, users must exercise caution and undertake extensive research. It is critical for both users and app store platforms to create a safe app ecosystem that users can rely on in the battle against malware.