Malicious screen recording app was stealing data for over 9 months

It comes as no surprise that over the past few years, both Google and Apple have been making efforts to prevent malicious apps from entering their respective app stores. However, threat actors always find a way as according to a new report from ESET, a malicious Android app called “iRecorder – Screen Recorder” was secretly recording and transmitting users’ audio every 15 minutes.

Originally launched as a screen recording app back in September 2021, the app reportedly received a malicious update in August 2022, which installed AhMyth, an open-source Remote Access Trojan (RAT), on users’ devices. This allowed the app to record audio, establish a connection to the attacker’s server, and upload recorded audio files and sensitive data. Additionally, with the appropriate permissions, the app was also able to intercept text messages and phone conversations.

Undetected for over nine months

The fact that the app went undetected for over nine months makes this incident even more concerning, as users had no way of realizing that threat actors were recording their voices every 15 minutes. Moreover, researchers also speculate that the app was possibly part of an active espionage campaign, however, this claim remains a hypothesis without additional evidence.

“It is rare for a developer to upload a legitimate app, wait almost a year, and then update it with malicious code,” said ESET security researcher Lukáš Štefanko.

Although Google removed the app from the Play Store after the incident came to light, it is uncertain whether all current users are aware of its malicious behaviour or have taken appropriate action. Therefore, if you still have the app installed, delete it immediately and run a full scan of your device using a trusted antivirus tool. Additionally, users should always exercise caution while downloading an app, even from the Play Store, and pay close attention to the permissions requested by every app on their mobile device. Furthermore, it is important to regularly check if an app is unnecessarily using data in the background.