Popular Android screen recording app found to spy on users, stealing microphone recordings and documents


Cybersecurity firm ESET has discovered that a widely used Android screen recording app, “iRecorder — Screen Recorder,” began spying on its users after a malicious code update. The app, which had gained tens of thousands of downloads on Google’s app store, stealthily uploaded one minute of ambient audio from the device’s microphone every 15 minutes. It also exfiltrated documents, web pages, and media files from the user’s phone.

The app has since been removed from Google Play, and users are advised to delete it from their devices. By the time the malicious app was taken down, it had already accumulated over 50,000 downloads.

ESET has named the malicious code AhRat, a customized version of the open-source remote access trojan AhMyth. Remote access trojans exploit broad access to a victim’s device, often enabling remote control and functioning similarly to spyware and stalkerware.

Lukas Stefanko, a security researcher at ESET, discovered the malware and noted that the iRecorder app initially did not contain any malicious features when it was launched in September 2021. However, the AhRat code was introduced later as an app update, which granted it unauthorized access to the user’s microphone and allowed it to upload phone data to a server controlled by the malware operator.

Both the motive behind planting the malicious code and the identity of the perpetrator remain unclear. Stefanko believes it is part of a broader espionage campaign, in which hackers gather information on specific targets for various reasons, including government-backed operations or financial motivations.

Malicious apps occasionally slip through app store screening, but it is unusual for a developer to upload a legitimate app, wait a considerable amount of time, and then introduce malicious code. Both Google and Apple actively screen apps for malware, yet apps with harmful intent occasionally make their way onto the platforms. Google reported blocking over 1.4 million privacy-violating apps from reaching Google Play last year.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We at StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
