(NEXSTAR) – A screen recording app available on the Google Play Store that was installed more than 50,000 times was working normally for several months before it started spying on users, researchers say.
The app, iRecorder – Screen Recorder was first uploaded to the Google Play Store on September 19, 2021, According to Lucas Stefankoa malware researcher with cybersecurity company ESET.
Stefanko said the app had no malicious features until a later update changed the code, likely in August 2022. After that date, the malicious code allowed bad actors to make secret audio recordings and secretly transfer photos, videos, saved web pages, and other files from devices, according to the ESET.
Anyone who downloaded the app prior to August 2022 may still have been detected if they updated the app manually or automatically. It is not yet clear if the developer or another actor is responsible for the update that turned the app into a Trojan.
“The application’s specific malicious behavior – ejecting microphone recordings and stealing files with specified extensions – tends to indicate that it is part of an espionage campaign,” Stefanko wrote. “However, we were unable to attribute the app to any particular malicious group.”
While it’s not unheard of for an app to have malicious features, Stefanko writes that it’s rare for an app to run legitimately for months before targeting Android owners’ private data.
Nexstar has reached out to Google for comment on the app but has not received a response at the time of publication.
Copyright 2023 Nexstar Media Inc. All Rights Reserved. all rights are save. This material may not be published, broadcast, rewritten, or redistributed.
“Friendly food geek. Communicator. Hipster-friendly creator. Bacon evangelist. Zombie nerd. Pop culture advocate. Beer aficionado.”