Skip to content

Popular Android app approved by Google Play caught secretly spying on users

Popular Android app approved by Google Play caught secretly spying on users

[ad_1]

Popular Android Screen Recording App Spies on Users

A cybersecurity firm, ESET, found that a popular Android screen recording app called iRecorder – Screen Recorder maliciously spied on its users. The app updated its code a year after first listing itself on the Google Play Store. The updated code allowed the app to stealthily upload a minute of ambient audio from the device’s microphone every 15 minutes and exfiltrate documents, web pages, and media files from the user’s phone. ESET named the malicious code AhRat, a customized version of an open-source remote access trojan called AhMyth. By the time the app was pulled from the app store, it had already recorded more than 50,000 downloads.

How the Malware Works

According to Lukas Stefanko, a security researcher at ESET, the iRecorder app contained no malicious features when it first launched in September 2021. The app began spying on users when the malicious AhRat code was pushed as an app update to existing users and new users who would download the app from Google Play. The app would stealthily access the user’s microphone and upload the user’s phone data to a server controlled by the malware’s operator. Audio recording would fit the already defined app permission model since the app was created to capture the device’s screen recording and asks for permission to access the device’s microphone.

Who Planted the Malware?

It is still unclear who might have planted the malicious code, either by the developer or someone else and for what reason. emailed the developer’s email address listed on the app’s listing before it was removed, but they have not replied.

Implications of the Malware

According to Stefanko, the malicious code is likely part of a broader espionage campaign where hackers work to collect information on their targets, usually on behalf of governments or for financially motivated reasons. Stefanko also mentioned the rarity of a developer uploading a legitimate app, waiting almost a year, and then updating it with malicious code.

Preventing Privacy Violations on App Stores

Bad apps often slip into app stores, but Google and Apple screen apps for malware before listing them for download and may proactively pull apps that put users at risk. Last year, Google said they prevented over 1.4 million privacy-violating apps from reaching Google Play.

Conclusion

Users should delete the iRecorder app immediately if they have installed it. This incident highlights the importance of staying vigilant and wary of seemingly legitimate apps that can later contain harmful code. It also stresses the need for both users and app store companies to prioritize cybersecurity and privacy.

FAQs

What is the iRecorder app?

The iRecorder app is a popular Android screen recording app that allowed users to record their screens.

What is AhRat?

AhRat is a customized version of AhMyth, an open-source remote access trojan.

Why was the iRecorder app removed from the Google Play Store?

The iRecorder app was removed from the Google Play Store after it was found to be containing malicious code to spy on users.

Can similar apps also spy on users?

While not every app is malicious, it is still possible for other apps to spy on users. Users should read app descriptions and reviews before downloading apps, and check the permissions that the app requires.

How can users protect their devices from similar malware?

Users can protect their devices by avoiding downloading apps from untrusted sources and only downloading apps from the official app stores. Users should also stay up-to-date with software updates and use trusted security software.

[ad_2]

For more information, please refer this link