An Android app secretly started recording users nearly a year after it was listed on Google Play

An Android recording app called iRecorder Screen Recorder started out as an innocent screen recording app, but it went bad about a year after it was first released. elaborated by Ars Technica, The app first appeared in September 2021, but after an update the following August, it began recording one minute of audio every 15 minutes and sending those recordings to the developer’s servers via an encrypted link. the whole thing is documented in a blog post From Essential Security Against Evolving Threats (ESET) researcher Lucas Stefanko.

In the post, Stefanko said that the app was updated in August 2022 to include malicious code “based on the open-source AhMyth Android RAT (remote access trojan)”. The app had 50,000 downloads by the time it was reported and removed from the Play Store. Stefanko said that apps with AhMyth embedded in them Made it before Google’s filter,

Scam apps aren’t new to Apple’s or Google’s app stores. Recorder apps can be particularly bad, sometimes with extortionate subscription prices and fake reviews to boost their visibility on those platforms. And Stefanko’s blog post highlights a particularly sticky problem: using the permissions you initially granted to collect sensitive information from your device and turning it off for the developer. Apps that go to the dark side for a while, after you use them. nefarious activities.

That particular app is gone, but what’s left of activating any other sleeper agents on your phone? Google is at least working on an update that will let you know via monthly notification if and when apps have changed their data-sharing practices — if it finds out, that is.