Dangerous Android App Exposed for Unauthorized Voice Recording Every 15 Minutes



In recent reports, a dangerous application has been found circulating on the Google Play Store, posing a threat to Android users. This app, known as iRecorder Screen Recorder, has been discovered to surreptitiously record users' voices without their consent. The revelation comes from Lukas Stefanko, a researcher at the network security company ESET.


The iRecorder Screen Recorder app was initially released in September 2021. According to Stefanko's findings, the app appeared harmless at first but did request access permissions to photos, media, files, and the device's microphone.


However, 11 months after its release, the app received an update to version 1.3.8 in August 2022, which brought along a new feature. Ironically, this new feature proved detrimental to the users.


Stefanko discovered that the app's update included malicious code "derived from AhMyth, an open-source remote access Trojan (RAT)."


With this malicious code, iRecorder Screen Recorder gained the capability to remotely activate the device's microphone and record audio from a distance. It would then connect to a server controlled by the attacker and upload the recorded audio and other sensitive files stored on the device. All of this was done discreetly, without obtaining any permission from the user. Over time, the code taken from AhMyth underwent significant modifications, indicating that the developers became more proficient with this open-source RAT.


To validate his findings, Stefanko repeatedly installed the iRecorder Screen Recorder app on devices in his lab. Each time, he obtained the same result: iRecorder Screen Recorder received instructions to record one minute of audio and send it to the attacker's server.


Furthermore, the app would receive the same instructions every 15 minutes to record another minute of user audio, as reported by KompasTekno from ArsTechnica on Sunday, May 28, 2023. KompasTekno has observed that the dangerous iRecorder Screen Recorder app has now vanished from the Google Play Store. However, prior to its removal, it had already been downloaded approximately 50,000 times.


The Threat Posed by iRecorder Screen Recorder

While initially appearing harmless, iRecorder Screen Recorder took advantage of unsuspecting users by secretly gaining access to their microphones and recording audio without their consent. This breach of privacy raises significant concerns about the app's intentions and the potential misuse of the recorded data.


The Impact of the Malicious Update

The release of version 1.3.8 of iRecorder Screen Recorder in August 2022 brought with it an unforeseen danger. The update incorporated malicious code derived from AhMyth, a widely known open-source remote access Trojan (RAT). This code enabled the app to remotely control the device's microphone, stealthily recording users' voices and transmitting the audio to a server controlled by the attacker.


Steadfast Research and Confirmation

Lukas Stefanko, a researcher at ESET, conducted meticulous investigations to validate the claims against iRecorder Screen Recorder. Through repeated installations of the app in his laboratory, he consistently obtained evidence supporting the unauthorized voice recording behavior of the app. His findings highlight the app's persistence in following instructions to record one minute of audio every 15 minutes, without any interaction or knowledge from the user.
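The fixed 15-minute cadence described above is the kind of pattern a defender can look for in per-app network logs. The following is an added example, not code from the article or from ESET's research: it flags app-to-server flows whose check-ins repeat on a steady schedule near a given period. The log format, package names and hostnames are constructed for illustration, and it assumes such per-app connection records are available (for example from a filtering proxy or device management tooling).

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (epoch seconds, app package, destination host).
# These are illustrative values, not real telemetry or real indicators.
BASE = 1_700_000_000
SAMPLE_LOG = (
    # One flow checks in roughly every 900 s (15 min) with a few seconds of jitter.
    [(BASE + i * 900 + j, "com.example.recorder", "c2.example.invalid")
     for i, j in enumerate([0, 4, -3, 7, 2, -5, 1, 3])]
    # Ordinary bursty traffic driven by a user.
    + [(BASE + t, "com.example.browser", "news.example.invalid")
       for t in [10, 95, 130, 2200, 2260, 5400, 5410, 7000]]
    # Too few events to judge either way.
    + [(BASE + t, "com.example.mail", "mail.example.invalid") for t in [0, 900]]
)

def find_beacons(events, period=900, tolerance=0.10, min_events=6):
    """Return {(app, host): median_gap_seconds} for flows that repeat on a
    steady schedule close to `period` seconds."""
    by_flow = defaultdict(list)
    for ts, app, host in events:
        by_flow[(app, host)].append(ts)

    flagged = {}
    for flow, stamps in by_flow.items():
        if len(stamps) < min_events:
            continue  # not enough samples to call the flow periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        # The typical gap must sit near the expected period ...
        if abs(mid - period) > period * tolerance:
            continue
        # ... and most gaps must agree with it (low jitter), which
        # separates scheduled check-ins from user-driven traffic.
        steady = sum(abs(g - mid) <= period * tolerance for g in gaps)
        if steady / len(gaps) >= 0.8:
            flagged[flow] = mid
    return flagged

if __name__ == "__main__":
    for (app, host), gap in find_beacons(SAMPLE_LOG).items():
        print(f"{app} -> {host}: check-in about every {gap / 60:.1f} min")
```

A steady interval alone does not prove malice, since sync and push services also poll on timers; a flagged flow is a prompt to review that app's permissions and destination.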


The Disappearance of iRecorder Screen Recorder

Following the exposure of its malicious activities, iRecorder Screen Recorder has been removed from the Google Play Store. This removal comes as a relief to users who may have unknowingly downloaded the app, as it had already amassed a considerable number of downloads, reaching approximately 50,000 before its removal.


Safeguarding Your Android Device

To protect yourself from similar threats in the future, it is crucial to exercise caution when downloading applications. Stick to reputable app stores and carefully review permissions requested by apps before granting them. Regularly update your device's operating system and utilize trusted security software to ensure comprehensive protection against potential threats.


By staying vigilant and informed, you can help safeguard your privacy and maintain a secure Android experience.
