Android app secretly records users every 15 mins, was listed for a year before going rogue

An Android recording app called iRecorder Screen Recorder initially appeared harmless but later turned malicious nearly a year after its release. The app, launched in September 2021, started behaving maliciously after an update in August of the following year.

It began secretly recording one minute of audio every 15 minutes and transmitting the recordings to the developer’s server through an encrypted link. The details of this incident were documented by Lukas Stefanko, a researcher from Essential Security against Evolving Threats (ESET), in a blog post.

Stefanko revealed that the August 2022 update of the app introduced malicious code based on the open-source AhMyth Android RAT (remote access trojan).

By the time the app was reported and removed from the Play Store, it had already amassed 50,000 downloads. Stefanko also highlighted that apps containing AhMyth had managed to bypass Google’s filters in the past.

Scam apps, including recorder apps, have been a recurring issue on both Apple’s App Store and Google’s Play Store. Recorder apps, in particular, have been known to engage in predatory subscription pricing and fake reviews to boost their visibility on these platforms.

Stefanko’s blog post sheds light on a concerning problem: apps that turn malicious after being installed on users’ devices, exploiting the permissions initially granted to gather sensitive information and carry out nefarious activities.

Although the mentioned app has been removed, the risk remains of other sleeper agent apps activating on users’ phones.

Google is reportedly working on updates that will provide monthly notifications to inform users about apps that have modified their data-sharing practices, assuming Google detects such changes.

Read all the Latest News, Trending News, Cricket News, Bollywood News,
India News and Entertainment News here. Follow us on Facebook, Twitter and Instagram.