Highlights:
- Popular Android screen recording app found to have malicious code that spied on users.
- The app uploaded minute-long audio recordings every 15 minutes and exfiltrated documents and media files.
- Security firm ESET identifies the code as a customized version of a remote access trojan called AhRat.
Android app “iRecorder — Screen Recorder” turns into a tool for spying on its users
A cybersecurity firm, ESET, recently discovered that the popular Android screen recording app, “iRecorder — Screen Recorder,” had undergone a significant transformation. An update to the app introduced malicious code, completely altering its functionality and allowing it to spy on unsuspecting users. This revelation raises serious concerns about user privacy and data security.
App stealthily uploads audio recordings and exfiltrates personal files
According to ESET’s research, the malicious code embedded in the iRecorder app enabled it to conduct covert surveillance on users. Every 15 minutes, the app surreptitiously uploaded one minute of ambient audio captured by the device’s microphone. Additionally, the app had the ability to extract various documents, web pages, and media files from the user’s phone without their knowledge or consent. This clandestine data theft poses a significant threat to user privacy and sensitive information.
App removed, but larger espionage campaign suspected
After the discovery of the malicious code, Google promptly removed the iRecorder app from the Google Play Store. However, the question remains as to who planted the code and what their motives were. ESET’s security researcher, Lukas Stefanko, speculates that this incident might be part of a larger espionage campaign aimed at collecting information from specific targets.
The app was listed at: https://play.google.com/store/apps/details?id=com.tsoft.app.iscreenrecorder&hl=hy&gl=US&pli=1
Such campaigns could be driven by governmental interests or financial motivations. Stefanko emphasizes the rarity of a developer uploading a legitimate app and then updating it with malicious code after a considerable period of time.
The case of the iRecorder app serves as a stark reminder of the risks associated with downloading apps from unverified sources. It also highlights the need for enhanced app screening measures by both app stores and users. Vigilance and caution are essential to protect personal data and maintain privacy in an increasingly interconnected digital world.