This popular Android app was secretly recording and sending audio every 15 minutes

Highlights
  • An Android screen recording app was found recording and sending audio every 15 minutes.
  • This app had 50,000 downloads on the Google Play Store. 
  • It would secretly record nearby audio every 15 minutes, and send it to an attacker-controlled server. 

Malicious Android apps are quite common and most of them easily bypass Google Play’s security detections. The latest one is a recorder app with over 50,000 downloads that was secretly recording nearby audio every 15 minutes. 

Malicious iRecorder Screen Recorder app discovered

In a blog post, security researcher Lukas Stefanko from ESET shared that the app is called iRecorder Screen Recorder and that it had been on the Google Play Store since September 2021. As the name suggests, iRecorder Screen Recorder's function was recording screens on Android devices. What started out as a simple screen recording app turned out to be a malicious one eleven months later.

Here are some of the concerning issues that were discovered:

  • This app could remotely turn on the mic of the Android device and use it to record sound.
  • It could also connect the Android device to a remote server, which was obviously controlled by hackers, and upload the recorded audio to it.
  • Not just this, the app also had the ability to upload sensitive files that may be present on the device.
  • Stefanko installed the app on a couple of devices in his lab and found that the app would record audio at intervals of 15 minutes.
  • He found that the app received an instruction to record one minute of audio every 15 minutes, and send it to the attacker-controlled server.
  • The recording instruction kept coming and wouldn’t stop as long as the app was installed on the device.

The app had 50,000 downloads on the Play Store before it was removed by Google. The researcher couldn’t determine how many users were affected by the malware. The developer of the app, “Coffeholic Dev”, has other apps in the Play Store too, but none of them showed evidence of any malicious activity.

Such malicious apps may be able to easily bypass Google’s security systems but they’re also quickly removed from the Play Store. This one too was immediately removed from the Play Store once the researcher’s post went up.