A popular Android app began secretly spying on its users months after it was listed on
A cybersecurity firm says a popular Android screen recording app that racked up tens of thousands of downloads on Google’s app store subsequently began spying on its users, including by stealing microphone recordings and other documents from the user’s phone.
Research by ESET found that the Android app, “iRecorder — Screen Recorder,” introduced the malicious code as an app update almost a year after it was first listed on Google Play. The code, according to ESET, allowed the app to stealthily upload a minute of ambient audio from the device’s microphone every 15 minutes, as well as exfiltrate documents, web pages and media files from the user’s phone.
The app is no longer listed in Google Play. If you have installed the app, you should delete it from your device. By the time the malicious app was pulled from the app store, it had racked up more than 50,000 downloads.
ESET is calling the malicious code AhRat, a customized version of an open-source remote access trojan called AhMyth. Remote access trojans (or RATs) take advantage of broad access to a victim’s…