Legit App Starts Stealing Data

May 31, 2023

One year after launching

So, there's this app called iRecorder Screen Recorder that seemed harmless at first. It hit Google Play back in September 2021, letting users record their Android device screens. But here's where things take a nasty turn.

According to security firm ESET, that innocent app got an update almost a year later, and boy, did it bring some creepy new features. It silently started recording nearby audio every 15 minutes and sending it straight to the app developer. That’s right. Your private conversations, your personal moments, all captured and shipped off without your knowledge.

It seems the update sneaked in some code from AhMyth, an open-source RAT, or remote access Trojan. Once that RAT got added to iRecorder, every user who innocently downloaded the app unknowingly became part of this surreptitious audio recording scheme.

ESET security researcher Lukas Stefanko decided to put this app to the test. He installed it multiple times on different devices in his lab, and guess what? Each time, the app obediently recorded one minute of audio and sent it off to the attacker's command-and-control server. And just to make it extra creepy, the app received the same instruction every 15 minutes, like a relentless eavesdropping machine.
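A defender's view of the pattern described above, as an added example that is not from ESET or the original post: it flags any app whose large uploads to one destination recur at a near-fixed interval, which generalizes the 15-minute cadence to any period. The log format, package names, hostnames, byte counts and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample flow records (not real telemetry): time, app, destination, bytes sent.
SAMPLE_LOG = """\
2023-05-31T10:00:05 com.example.recorder c2.example.invalid 481220
2023-05-31T10:15:04 com.example.recorder c2.example.invalid 479870
2023-05-31T10:30:06 com.example.recorder c2.example.invalid 482005
2023-05-31T10:45:05 com.example.recorder c2.example.invalid 480310
2023-05-31T11:00:07 com.example.recorder c2.example.invalid 481990
2023-05-31T10:02:11 com.example.mail mail.example.invalid 210000
2023-05-31T10:09:40 com.example.mail mail.example.invalid 188000
2023-05-31T10:41:02 com.example.mail mail.example.invalid 150000
2023-05-31T11:03:55 com.example.mail mail.example.invalid 140200
"""

def parse(log):
    """Group upload events by (app, destination), sorted by time."""
    flows = defaultdict(list)
    for line in log.strip().splitlines():
        ts, app, dest, sent = line.split()
        flows[(app, dest)].append((datetime.fromisoformat(ts), int(sent)))
    for events in flows.values():
        events.sort()
    return flows

def find_periodic_uploads(log, min_events=4, max_jitter=0.05, min_bytes=100_000):
    """Return flows whose large uploads recur at a near-constant interval."""
    # max_jitter is stdev(gap)/mean(gap); all thresholds are assumptions to tune.
    hits = []
    for (app, dest), events in parse(log).items():
        big = [t for t, sent in events if sent >= min_bytes]
        if len(big) < min_events:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(big, big[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append({"app": app, "dest": dest,
                         "period_min": round(avg / 60, 1), "uploads": len(big)})
    return hits

if __name__ == "__main__":
    for hit in find_periodic_uploads(SAMPLE_LOG):
        print(hit)
```

The irregular mail traffic in the sample is there to show that upload volume alone does not trigger a hit; only the steady interval does.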

So, folks, be cautious out there. Keep an eye on the apps you download, and pay attention to their updates, even if they seem harmless. The bad guys are always finding new ways to exploit our trust.

