A screen recording app for Android, which was available on the Google Play Store, started spying on users and collecting files after receiving a malicious update. The behavior change was discovered by ESET and detailed in a statement released on Tuesday (23).
Launched in September 2021 as a legitimate app, iRecorder – Screen Recorder offered the ability to record smartphone screens, a useful feature for creating tutorials and other tasks. But an update made in August of last year gave it extra capabilities.
According to the report, the program began to activate the phone's microphone every 15 minutes, making recordings and sending the audio to a remote server. In addition, it gained the ability to scan the device for videos, photos, documents, saved web pages, and stored audio, which were likewise transferred to the developer.
The iRecorder – Screen Recorder app is no longer available on the Play Store.
The change was caused by malicious code based on AhMyth Android RAT, an open-source remote access trojan known to extract call logs and text messages and to record audio, among other functions. The modified version, dubbed AhRat, was present in iRecorder as of the update.
Remove the app immediately
After the discovery of the iRecorder – Screen Recorder trojan, Google was alerted and removed the app from the Play Store, along with all other software belonging to the same developer, although only this one contained malware. However, the app accumulated at least 50,000 downloads before the ban.
If you have the iRecorder – Screen Recorder app installed on your Android phone or tablet, it is advisable to remove it from your device immediately. The recommendation applies even to those who have a version earlier than 1.3.8, the release that silently enabled the spying features.