This top Android screen recorder app is actually spyware, so delete now
Legitimate Android app turned malicious a year after inception
After almost a year of working properly and being cleanly distributed through the Play Store, a popular Android screen recording app has turned on its users, recording their calls, stealing files, and even listening in to the sounds of the device’s environment.
Cybersecurity researchers from ESET found that the app, named iRecorder - Screen Recorder, which was added to the Play Store in September 2021, turned malicious in August 2022.
In the year before malicious code was apparently added, more than 50,000 people had downloaded the app, the report said.
Unknown motives
The malware that was subsequently added is based on the open-source AhMyth Android Remote Access Trojan (RAT), but was heavily modified. ESET says whoever modified the code took their time to understand the code of both the app and the back end. ESET’s researchers dubbed the malware AhRat.
The threat actors behind the compromise are unknown, and so are their motives. But given the functionalities of AhRat, all things point to an espionage campaign, the researchers said. After all, besides the screen recording feature (which isn’t malicious), the app can record ambient audio picked up by the endpoint’s microphone, and exfiltrate files such as saved web pages, images, audio, video, document files, and more.
“The AhRat research case serves as a good example of how an initially legitimate application can transform into a malicious one, even after many months, spying on its users and compromising their privacy. While it is possible that the app developer had intended to build up a user base before compromising their Android devices through an update or that a malicious actor introduced this change in the app; so far, we have no evidence for either of these hypotheses,” ESET researcher Lukáš Štefanko said.
In other words, there’s a slight chance the app was taken over by malicious actors and used in a supply chain attack.
The iRecorder app versions 1.3.8 and older are not malicious, it was said, but if you updated it in the meantime, chances are you’ve been compromised. The worst part is that the victims didn’t even need to grant the app any further permissions. The app has since been removed from the Play Store.
For safer alternatives, we tested out the best screen recorders and the best free screen recorders for capturing your display without security concerns.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.