ESET, one of the world’s largest cybersecurity companies, has detected that an application on the Google Play Store, which has been downloaded more than 50 thousand times, is malicious. Research reveals that the application did not contain any problems when it was first released, but was made malicious with an update released in August 2022.
The name of the application that threatens Android users is called “iRecorder – Screen Recorder”. This app was first released in September 2021 and its purpose was for users to be able to screen record. However, the practice deviated from its purpose in the next stage and evolved towards a completely different point. According to ESET’s research, the malware was recording the surrounding sound once every 15 minutes and sending it to an external source.
The app’s page on the Google Play Store:
The investigations revealed that this application, which was innocent at the beginning, was added later. This addition was a tool called “AhMyth RAT”, which is a major threat to Android devices. This malicious tool could extract messages, calls, contacts, documents, file list from a smartphone, track device location instantly. ESET has detected that only audio recording and file access features are used in iRecorder – Screen Recorder.
It is unknown how many people’s voice recordings were leaked and where the target audience is!
ESET announced that it was unable to determine how many people were affected by the malware in iRecorder – Screen Recorder. It is also unclear who the app is targeting. So the developer team may have done something like this just to listen to people. But one thing ESET people are sure of: the developers of “Coffeeholic Dev” put a lot of effort into understanding and customizing the AhMyth RAT tool.
What will those who say “I also downloaded this application” do?
iRecorder – Screen Recorder has been removed from the app store after ESET’s notification to Google. But you may have downloaded this app in the past. So what should users do in this situation?
In order for your audio to be recorded via iRecorder – Screen Recorder, you had to allow the application to use microphone and file access. If you did, your received audio recordings have already been transferred to another server. So there is nothing you can do for outgoing data. Uninstalling the application and scanning with mobile security applications from companies such as ESET can help you relax in the next process. If there are things you don’t like, formatting the phone will be the cleanest solution.