Date: 2023-05-27

An Android app called iRecorder - Screen Recorder has been caught secretly recording audio and sending it over an encrypted link to the developer’s server. According to a blog post by security researcher Lukas Stefanko from Essential Security against Evolving Threats (ESET), the app shared such recordings every 15 minutes.

The Android app had been available on the Google Play Store since September 2021 and had 50,000 downloads. It was designed to record the screen on Android devices, but it was also caught sharing confidential recordings with a shady server that is believed to be in the possession of hackers.

As per the blog post, "Initially, the iRecorder app did not have any harmful features. What is quite uncommon is that the application received an update containing malicious code quite a few months after its launch."

As per the blog post, the app was updated in August 2022 to include malicious code “based on the open-source AhMyth Android RAT (remote access trojan).” Hence the app has been spying on its users for almost 11 months.

The researcher states, “While it is possible that the app developer had intended to build up a user base before compromising their Android devices through an update or that a malicious actor introduced this change in the app; so far, we have no evidence for either of these hypotheses.”

The app reportedly received an instruction to record one minute of audio every 15 minutes and send it to the attacker-controlled server.

This is not the only app on the Play Store by the “Coffeholic Dev” developer. However, no other app showed any evidence of any malicious activity. The iRecorder – Screen Recorder app has now been taken down from Google Play Store.

Such scam apps are usually found masquerading in the App Store and Google Play Store. They have predatory subscription pricing and fake reviews to attract victims and become more visible. Once you download and grant them permission to access information on your phone, they gather this data and send it to the developer for malicious activities.

