This article was published 2 yearsago

In a startling revelation, cybersecurity firm ESET exposed the alarming actions of a once-popular Android screen recording app. “iRecorder – Screen Recorder.” According to its research, the app has been found to secretly spy on its users, stealing sensitive data and conducting unauthorized surveillance.

In a blog post, ESET security researcher Lukas Stefanko noted that the iRecorder app was free of malicious features when it first launched in September 2021. At that time, it was simply another innocent screen-recorder app, one that gained much popularity among users, given that it had over 50,000 downloads at a point of time.

Once the malicious code – which ESET calls AhRat – was introduced via an update to new and existing users nearly a year later, the app began to – sneakingly – access the user’s microphone and upload recordings, documents, web pages, media files, and other data to a server controlled by the malware’s operator via an encrypted link. The iRecorder app is no longer listed on the Google Play Store. At this point, it is unknown whether the developer or some third-party introduced the AhRat code at the update. Stefanko noted that the audio recording “fit within the already defined app permissions model,” and that they have not detected any more AhRat cases.

“Aside from providing legitimate screen recording functionality, the malicious iRecorder can record surrounding audio from the device’s microphone and upload it to the attacker’s command and control (C&C) server. It can also exfiltrate files with extensions representing saved web pages, images, audio, video, and document files, and file formats used for compressing multiple files, from the device. The app’s specific malicious behavior – exfiltrating microphone recordings and stealing files with specific extensions – tends to suggest that it is part of an espionage campaign. However, we were not able to attribute the app to any particular malicious group,” he wrote in the post.

It is incidents like this that erode user trust in app developers and platforms, raising concerns about the security and privacy of personal data. Users rely on app stores to vet and verify applications, assuming that listed apps adhere to certain security standards. It also underscores the importance of maintaining a vigilant approach to app permissions and security. Users must exercise caution before granting extensive access rights to any application.

On the other hand, it is up to app developers and platforms to maintain the trust of users and implement rigorous security measures and conduct extensive vetting processes. Given the rising concerns about user privacy and security, it will not be far-fetched to assume that Google will adopt similar measures. Google itself claimed that it had stopped more than 1.4 million privacy-violating apps from reaching the Play Store.