The app, which was first launched in September 2021, started recording a minute of audio every 15 minutes without the user’s knowledge and transmitting these recordings to the developer’s server over an encrypted channel after an update released in August 2022. The scandal was uncovered by ESET expert Lukas Stefanko.
Turned into a spy with the update
In his blog post on the matter, Lukas said the app “spied” after being injected with malicious code based on the open-source AhMyth Android RAT in an August 2022 update. iRecorder Screen Recorder had been downloaded 50,000 times so far. When the situation arose, the application was removed from the Google Play Store.
Although iRecorder Screen Recorder has already been removed from the app store, the same risk applies to other apps as well. In other words, an application you have installed may start malicious activities with a published update after obtaining all permissions from you. Security researchers recommend being careful when installing apps from Google Play and meticulously checking the requested permissions.