In a shocking announcement, a Researcher found a once-legitimate app on the Google Play Store turned sour and started secretly recording audio every 15 minutes. An Android app iRecorder Screen Recorder is busted secretly recording audio and sharing it through an encrypted link, to the developer's server. In another case, an app called "Voice Recorder" was found to be recording audio even when the app was not in use. The app had been downloaded over 1 million times before it was removed from the Google Play Store.
A report from ESET speaks in-depth on how an app called ‘iRecorder Screen Recorder’ went from an innocent app to a spy tool. The app had some 50,000 downloads, though Google has since removed it from the Play Store along with other apps by the developer, ‘Coffeeholic Dev.’ It is worth noting that ESET didn’t find signs of malice in other apps by Coffeeholic.
As per the blog post, "Initially, the iRecorder app did not have any harmful features. What is quite uncommon is that the application received an update containing malicious code quite a few months after its launch."
iRecorder launched on the Play Store in September 2021 as a tool to help users record their screens. However, eleven months after launching, the app suddenly gained new capabilities allowing it to remotely turn on the phone’s microphone and record sound.
As per the blog post, the app was updated in August 2022 to include malicious code "based on the open-source AhMyth Android RAT (remote access trojan)." With this the app has succeeded in spying on the users for almost 11 months.
The app would do so every 15 minutes and record for about one minute, then send the audio along with other sensitive files stored on the device to an attacker-controlled server.
ESET also noted that it’s unusual to find a malicious app that actively records a wide base of victims. The researchers posit that the app could be part of an active espionage campaign but haven’t found any evidence to indicate that’s the case. ESET also didn’t find evidence that the app was targeted at a specific group of people.
Indeed, this type of scam apps are usually found masquerading in the App Store and Google Play Store. They have predatory subscription pricing and fake reviews to attract victims and become more visible. Once you download and grant them permission to access information on your phone, they gather this data and send it to the developer for malicious activities.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
