A cyber-security firm has reportedly found a popular app called iRecorder spying on its users on Android devices. It is a screen recording app downloaded thousands of times from the Google Play store. It subsequently started secretly observing its users and sneaking into their microphone recordings and other logs.
According to ESET research, iRecorder, an Android-based screen recorder, picked up malicious code as part of its yearly update in 2022, after Google Play had listed it on the platform. The research says the code lets the Android app covertly upload a minute of audio from the device's microphone every so often and grab documents, media files, and web pages from the user's device.
While the Google Play store no longer lists the iRecorder app, tech analysts recommend that users who have already downloaded the app uninstall it. By the time the app store removed the malicious screen recording app from its platform, it had reached up to 50,000 downloads.
AhRat is the malicious code that the app used to perform illegal activities. Besides the code, ESET mentions AhMyth, a customized open-source remote access trojan that benefited from broad access to a user's device and included remote control. It also functioned like stalkerware and spyware.
The iRecorder – Screen Recording App
According to an ESET security researcher, Lukas Stefanko, the iRecorder app did not have malicious features at the time of its debut in September 2021. It is worth mentioning that Stefanko discovered the malware. When AhRat's malicious code arrived as part of an update to new and existing users who downloaded iRecorder directly from the Google Play store, the app began covertly accessing the user's microphone and uploading data from their mobile phone to a server controlled by the malware operator.
Stefanko says the audio recording fits within the permissions already defined in the app's permission model, because a screen recording app is, by design, meant to capture the phone's audio. It is still unclear whether the developer or someone else planted the malicious code, and what the purpose behind it was. Some digital media platforms contacted the developer through the email address given on the app's listing before the Google Play store removed it, but the developer has not yet replied.
According to Stefanko, the malicious code was a component of a broad espionage campaign in which cyber criminals try to collect data on targets of their choosing, at times on behalf of governments or for financially motivated purposes. He says developers first upload a legitimate app, wait for twelve months, and then update it with malicious code.
It is not the first time an app store like Google Play has removed bad apps from its platform. Apple and Google often act proactively to eliminate apps that might pose a risk to users. In 2022, Google prevented over 1.4 million apps that potentially violated its privacy policy from being listed on the Google Play Store.