Subscribe to our newsletter and stay informed

Check out our list of top companies

Check out our carefully compiled lists of the most relevant and impactful companies within their fields.

Check out our list of top unicorns

Read and learn about the biggest companies that various countries have produced, how they made it, and what the future looks like for them.

iRecorder Android App Exposed: Secret Spying and Data Theft Uncovered

iRecorder, has been discovered to be secretly spying on its users months after its initial release on Google Play
May 30, 2023

A once-popular Android screen recording app, iRecorder, has been discovered to be secretly spying on its users months after its initial release on Google Play. The app, which had amassed tens of thousands of downloads, was found to be stealing microphone recordings and other documents from users’ phones.

Cybersecurity firm ESET conducted research on the app and discovered that the malicious code was introduced as an update nearly a year after iRecorder was first listed on Google Play. This code enabled the app to covertly upload a minute of ambient audio from the device’s microphone every 15 minutes and exfiltrate documents, web pages, and media files from users’ phones.

iRecorder has since been removed from Google Play, but not before it had been downloaded more than 50,000 times. Users who have installed the app are advised to delete it from their devices immediately.

ESET has identified the malicious code as AhRat, a customized version of an open-source remote access trojan (RAT) called AhMyth. RATs exploit broad access to victims’ devices and can include remote control features, functioning similarly to spyware and stalkerware. Lukas Stefanko, a security researcher at ESET, revealed in a blog post that iRecorder contained no malicious features when it first launched in September 2021. However, once the AhRat code was introduced as an update, the app began stealthily accessing users’ microphones and uploading their phone data to a server controlled by the malware’s operator. Stefanko noted that the audio recording “fit within the already defined app permissions model,” as the app was designed to capture screen recordings and required access to the device’s microphone.

The identity of the individual or group responsible for planting the malicious code remains unclear, as does their motivation. Stefanko suggests that the code is likely part of a broader espionage campaign, potentially conducted on behalf of governments or for financial gain. He also noted that it is “rare for a developer to upload a legitimate app, wait almost a year, and then update it with malicious code.”

Despite efforts by Google and Apple to screen apps for malware before listing them for download, malicious apps can still slip through the cracks. In 2022, Google reported that it had prevented over 1.4 million privacy-violating apps from reaching Google Play. This incident serves as a reminder for users to remain vigilant and cautious when downloading apps, even from trusted sources like Google Play.

More about: 

Last related articles

chevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram