A widely held belief among users is that Google Play, Google’s app store, typically maintains a minimum level of security and prevents criminals from uploading malicious apps. While the security of the virtual store has been questioned on occasion, and we can find countless clone apps of ChatGPT, it is not very common to come across apps that contain malware.
It is not very common, but every now and then, one manages to slip through. TechCrunch has reported on an investigation by ESET, which claims that the app “iRecorder – Screen Recorder” was spying on its users. What is most striking about this case is that the app enjoyed great popularity and had been on Google Play for a year already.
According to Lukas Stefanko, a security researcher at ESET, the app initially did not contain any malicious functions when it was first uploaded to Google Play. The malicious code was inserted in a recent update, allowing the app to record audio for one minute every 15 minutes and extract documents, web pages, and media files from the devices where it was installed. All of this was done without the user’s knowledge.
This type of malware is categorized as AhRat by ESET and is a customized version of an open-source remote access Trojan called AhMyth. Such trojans take advantage of their broad access to the victim’s device, having various permissions, and the ability to remotely control the infected devices.
Currently, it is unknown who installed the malicious code in the app’s update, which has already been removed from Google Play. It could have been the developer himself, “Coffeeholic Dev,” but it could also have been a third party who gained access to the developer’s account.
Some of the links added in the article are part of affiliate campaigns and may represent benefits for Softonic.