(NEXSTAR) – A screen recording app available on the Google Play Store with over 50,000 installs was working fine for months before it began spying on users, researchers say.
The app “iRecorder – Screen Recorder” was first uploaded to Google Play Store on September 19, 2021. According to Lucas Stefankoa malware researcher at cybersecurity firm ESET.
Stefanko said the app had no harmful features, presumably until the August 2022 update changed the code. Since that date, malicious code has allowed malicious actors to create covert audio recordings and covertly transfer images, videos, saved web pages and other files, according to ESET. Stop using your device.
People who downloaded the app before August 2022 can still be infected if they manually or automatically update the app. It is not yet clear whether the developer or another attacker is responsible for the update that turned the app into a Trojan horse.
“Certain malicious behavior of the app, such as stealing microphone recordings or stealing files with certain extensions, tends to suggest it’s part of an espionage campaign,” Stefanko said. wrote. “However, we were unable to attribute this app to any specific malicious group.”
Stefanko wrote that while it is not unheard of for apps to contain harmful features, it is unusual for an app to function legitimately for months before targeting an Android owner’s personal data.
Nexstar reached out to Google for comment on the app, but did not receive a response at the time of publication.
Copyright 2023 Nexstar Media Inc. All rights reserved. You may not publish, broadcast, rewrite or redistribute this material.