Check your phone: Popular Android app reportedly started spying on users, making recordings
(NEXSTAR) – A screen recording app available in the Google Play store that was installed over 50,000 times functioned normally for months before it started spying on users, researchers say.
The app, iRecorder – Screen Recorder, was first uploaded to the Google Play store on September 19, 2021, according to Lukas Stefanko, a malware researcher with cybersecurity firm ESET.
Stefanko said that the app had no harmful features until a later update changed the code, likely in August 2022. After that date, malicious code allowed bad actors to make secret audio recordings and secretly transfer images, videos, saved web pages, and other files off of devices, according to ESET.
Anyone who had downloaded the app before August 2022, might still have been exposed if they updated the app manually or automatically. It’s not yet clear if the developer or another actor is responsible for the update that converted the app into a Trojan horse.
“The app’s specific malicious behavior – exfiltrating microphone recordings and stealing files with specific extensions – tends to suggest that it is part of an espionage campaign,” Stefanko wrote. “However, we were not able to attribute the app to any particular malicious group.”
While it’s not unheard of for an app to have harmful features, Stefanko wrote that is rare for an app to function legitimately for months before targeting the private data of Android owners.
Nexstar reached out to Google for comment on the app but didn’t receive a response as of publishing time.