Privacy may be compromised. For a year, an Android application recorded users' conversations without permission, capturing one minute of audio every 15 minutes and sending the recordings to the developer, according to Lukas Stefanko, a researcher at Essential Security Against Evolving Threats (ESET), who reported the finding on the company’s blog.

The app, iRecorder Screen Recorder, with 50,000 installs on Google Play, was uploaded to the virtual store on September 19, 2021 with a screen recording feature and contained no malware, but from August 2022, after an update, it began behaving maliciously, ESET emphasizes.

“The malicious code added to the clean version of iRecorder is based on the open source Android RAT (Remote Access Trojan) AhMyth and modified into what we call AhRat,” he adds.

After the ESET report, the app was removed from Google Play, but it had more than 50,000 installs until March 2023.

“The specific malicious behavior of the application includes extracting recordings from the microphone and the theft of files with specific extensions, indicating possible participation in an espionage campaign,” the May 23 report said.

Scope of the malicious Android app

The report explains that the malicious iRecorder app not only provided legitimate screen recording functionality, but was also able to “exfiltrate files from the device with extensions representing saved web pages, images, audio, video and document files, and file formats that are used to compress multiple files.”

Another finding of the research that uncovered the new remote access Trojan is that Android users who installed the non-malicious version “could have unwittingly exposed their devices to AhRat if they then manually or automatically updated even without granting another app permission approval.”