The alert was given by cybersecurity experts from the ESET agency who discovered a popular Android application infected with a specific malware. The application has been spying on users’ smartphones for several months, until then available in the official store, the Google Play Store.
The application itself has registered more than 50,000 downloads and installations on Android mobile devices and has gone from being a simple screen recording application to a threat. In other words, despite promising innocuous functions, it hid a hidden action due to the malicious software it included.
The app hit the Google Play Store in September 2021
The most peculiar thing is the fact that the application does not have any type of malicious software, nor trojanwhen it first became available on the Google Play Store in September 2021. In other words, its first build was perfectly innocuous.
It was only later, with app updates, that the malicious code was introduced, capable of extracting voice recordings from the smartphone using the microphone. The exact date of this update has been set to August 2022 with version 1.3.8.
In addition, the application could access more sensitive information on the mobile device, any and all data stored on the Android smartphone. Until then, it escaped the filters of the Google Play Store, and has now been denounced in the look for from ESET.
AhRat malware infection hitherto hidden in the Google Play Store
Most importantly, the name of the application: iRecorder – Screen Recorder. As the name suggests, this was a screen recording tool, which is quite common in Android devices, and it served that purpose.
By the way, the reviews on the Play Store were mostly positive, indicating the correct operation of the application for recording screen content. However, users were unaware that the app also had another, more sinister purpose.
The risk was compounded in August 2022 with the introduction of the aforementioned version 1.3.8 of the app through the Google Play Store. There, when analyzing its operation, it was discovered that the application could use the device’s microphone to listen to conversations.
Remove iRecorder – Screen Recorder App
Until then it was necessary to give permission for the app to have access to it (the microphone), now going to bypass this security control. The app also had access to the mobile device’s storage, which means it could filter everything we had stored.
Finally, after ESET’s complaint, Google has already removed the application from the Google Play Store. However, if you still have it installed on your smartphone, it is best to remove it as soon as possible.