An Android screen recording software was found to discreetly record and send audio to unknown places. The software has been on Google Play since September 19, 2021, according to ESET researcher Lukas Stefanko. After 50,000 downloads, the application became nasty.
After an August 2022 update, the Android app iRecorder – Screen Recorder started recording a minute of audio every 15 minutes. The developer’s server received these clips through encrypted connection. Stefanko commented on WeLiveSecurity that the iRecorder software was initially harmless.
A developer seldom releases a legal Android app, waits, and then updates with malicious code. The “open-source AhMyth Android RAT (remote access trojan)” AhRat was inserted to the clean version of iRecorder.
The Android recording app might record screen and microphone sounds and send it to the attacker’s C&C server. It can also extract web page, picture, music, video, document, and compressed file extensions from the selected device.
For Nearly A Year, Google Android App Recorded Users.
The Android app’s harmful behavior strongly suggests spying. ESET could not detect a program-related group. Fortunately, Google Play has removed iRecorder, and researchers haven’t identified any AhRat malware elsewhere.
AhMyth-based Android malware has previously infected Google Apps. WeLiveSecurity published trojanized app study in 2019. The malware evaded Google’s app-vetting twice by masquerading as a radio streaming service. Even with approved app shops, the incident emphasizes prudence.
Scam applications are common in Android and Apple App Stores. Recorder applications are renowned for exploitative subscription pricing and phony reviews. Apps that become malevolent use their rights to access sensitive data on devices.
The question persists after the iRecorder Android app was removed. What prevents a dormant agent from spying on your device? Luckily, Google is creating updates that notify users of app data-sharing changes periodically.
These projects attempt to improve transparency and empower app users. To avoid spyware, update your OS and browsers periodically. Use trusted antivirus and anti-spyware software. Regularly search for threats.
These habits can greatly lower your risk of Android app malware and other cyberattacks.