If you think that an app you've downloaded is safe, you might want to think again once it gets an update. iRecorder Screen Recorder, a legitimate and seemingly harmless app from Google Play, became a spying device for threat actors after its latest update.
Screen Recorder Turned Bad
The Android app iRecorder Screen Recorder was once a functional app that did what it was intended for. It was released in September 2021, yet after an update almost a year later it started to secretly record the audio of its users.
The app was said to be recording one-minute audio clips every 15 minutes by remotely turning on the user's mic on the device. The recordings are then sent to the developer's server through an encrypted link, as reported by The Verge.
The update occurred around August 2022 and included malicious code based on the open-source AhMyth Android Remote Access Trojan (RAT). What is worrisome is that the RAT was able to get past Google's filters, which means other apps could carry malware past them as well.
iRecorder Screen Recorder had around 50,000 downloads before it was removed from the Google Play Store, so if by any chance you're one of the people who downloaded it, you should uninstall the app right away.
Essential Security against Evolving Threats, or ESET, stated that it was rare for a developer to upload a legitimate app and then wait a year to update it with malicious code. This makes you wonder how many apps will actually do it, especially if Google can't filter it.
Aside from audio, the trojanized app is also able to exfiltrate files with extensions that represent saved web pages, images, video, and document files, as well as file formats that are used for compressing files.
As of right now, the trojan scheme has not yet been linked to any hacker group or organization, so no one can say for sure if this was part of an espionage effort. However, AhMyth has previously been linked to a cyberespionage group called Transparent Tribe, according to WeLiveSecurity.
How Bad Could It Be?
A lot can be learned about you based on what you say on a daily basis, as well as the verbal interactions you participate in. For instance, the hacker can record audio of a business meeting that's discussing a sensitive and private topic.
Through the audio extracted from your mic, they can learn things like your name, your age, your address, and any other sensitive information that you can think of. That information, in turn, can be used to conduct phishing scams or other fraudulent activities.
You can check if one of the apps on your device is secretly recording you by looking out for signs. Try to go to your device settings and see if an app has changed its permission settings even if you did not give it access, as pointed out by Process and Control Today.
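One way to automate the permission check described above is to compare two permission snapshots taken before and after an app update. This is an added example, not part of the original article: the package names and snapshot text are constructed, the line format is an assumption modelled on the `granted=true` lines of `adb shell dumpsys package` output, and the list of sensitive permissions is an illustrative choice.

```python
import re

# Permissions worth a second look when newly granted (selection is an assumption).
SENSITIVE = {"android.permission." + p for p in (
    "RECORD_AUDIO", "CAMERA", "READ_EXTERNAL_STORAGE",
    "ACCESS_FINE_LOCATION", "READ_CONTACTS")}
PKG_LINE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_LINE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def parse_snapshot(text):
    """Map package name -> set of permissions marked granted=true."""
    grants, current = {}, None
    for line in text.splitlines():
        if m := PKG_LINE.match(line):
            current = m.group(1)
            grants.setdefault(current, set())
        elif current and (m := PERM_LINE.match(line)) and m.group(2) == "true":
            grants[current].add(m.group(1))
    return grants

def newly_granted(before, after):
    """Sensitive grants in `after` missing from `before`; unseen packages count as new."""
    old, new = parse_snapshot(before), parse_snapshot(after)
    report = {}
    for pkg, perms in new.items():
        added = (perms - old.get(pkg, set())) & SENSITIVE
        if added:
            report[pkg] = sorted(added)
    return report

# Constructed snapshots for hypothetical packages (not real device output).
BEFORE = """\
Package [com.example.recorder] (constructed):
    android.permission.RECORD_AUDIO: granted=false
    android.permission.READ_EXTERNAL_STORAGE: granted=false
Package [com.example.notes] (constructed):
    android.permission.CAMERA: granted=true
"""
AFTER = """\
Package [com.example.recorder] (constructed):
    android.permission.RECORD_AUDIO: granted=true
    android.permission.READ_EXTERNAL_STORAGE: granted=true
Package [com.example.notes] (constructed):
    android.permission.CAMERA: granted=true
Package [com.example.torch] (constructed):
    android.permission.ACCESS_FINE_LOCATION: granted=true
"""
if __name__ == "__main__":
    print(newly_granted(BEFORE, AFTER))
```

A comparison like this only surfaces grants that changed between snapshots; an app that already held microphone access for its normal function would not appear in the report.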