Many people fear that their phones are secretly eavesdropping on them, and an Android app did exactly that. However, the story of the app in question, called iRecorder Screen Recorder, didn’t start that way.
The app started its career as a simple screen recording program on the Play Store in September 2021, and then in August of the following year, an update arrived with a new unwanted functionality.
After this update, the application began recording one-minute audio recordings every 15 minutes, and then sent them encrypted to the developer’s server, writes ESET researcher Lukas Stefanko. If that wasn’t enough, even files stored on the device can be obtained by the malicious party.
With the update, the app received malicious code, an open source Trojan (AhMyth), which also enabled unwanted eavesdropping. By the time a researcher discovered the problem and then reported it, the app had already achieved 50,000 downloads in the Play Store — details Ars technology.
What’s even more troubling is that, according to Stefanko, apps containing AhMyth have slipped through Google’s filters before, so other apps may also contain such content in the Play Store.
