An Android recording app called iRecorder Screen Recorder started out as an innocent screen recording app, but went bad about a year after it was first released, as detailed here. Ars Technica, The app first appeared in September 2021, but after an update the following August, it began recording one minute of audio every 15 minutes and sending those recordings to the developer’s servers via an encrypted link. The whole thing is documented in a blog post from Essential Security Against Evolved Threats (ESET) researcher Lukas Stefanko.
In the post, Stefanko said that the app was updated in August 2022 to include malicious code “based on the open-source AhMyth Android RAT (Remote Access Trojan)”. The app had 50,000 downloads by the time it was reported and removed from the Play Store. Stefanko said that the apps with AhMyth made it past Google’s filter first.
Scam apps aren’t new to Apple’s or Google’s app stores. Recorder apps can be particularly bad, sometimes with predatory subscription pricing and fake reviews to boost their visibility on those platforms. And Stefanko’s blog post sheds light on a particularly sticky problem: Apps turn to the dark side after you’ve used them for a while, collecting sensitive information from your device after you gave them permission and It was closed for the developer. nefarious activities.
That particular app is gone, but what’s left of activating any other sleeper agents on your phone? Google is at least working on an update that will tell you, via a monthly notification, which apps have changed their data-sharing practices, and when — if it finds out, that is.