Popular Android app is secretly SPYING on users – what to do if you have it installed
>
Uninstall this app NOW: Popular Android app is secretly spying on users – what to do if you have it installed
- iRecorder secretly steals images, files and web information on Android devices
- It also records an audio clip every 15 minutes by hijacking the microphone
- Cyber experts at ESET currently do not know who is behind this malicious attack
Cybersecurity experts have warned that a popular Android app is secretly spying on users as part of a possible espionage campaign.
Phone owners have been urged to uninstall a malicious app known as iRecorder after it was found to subtly steal files, web information and even photos.
The unsuspecting screen recorder even uses a phone’s microphone every 15 minutes and records a piece of audio for unknown purposes.
This malware, discovered by ESETwas not part of the app when it launched in 2021.
Instead, attackers took a more unusual approach, with malicious features emerging almost a year later, in what may have been disguised as a typical update.
iRecorder secretly steals images, files and web information on Android devices (file image)
“Interestingly, the app passed initial testing to get into the Google Play Store, but it was the update that brought the malicious activity over,” said Jake Moore, Global Cybersecurity Advisor at ESET.
Although the app has now been removed from the Google Play Store, if you installed it while it was still live, it is recommended that you uninstall it from your phone.
“Deleting the app keeps the phone safe from prying eyes and ears.”
ESET believes the app has been downloaded by more than 50,000 people since its launch on Google Play three years ago.
Google has now removed this and Apple devices are unaffected, but it is still available to download from alternative Android markets.
Before use, phone holders are asked to allow iRecorder to record audio and “access photos, media, and files.”
But ESET claims that there are no other special permission requests that could indicate the malicious intent.
It is currently uncertain whether there is a specific group behind this malware that uses a powerful open-source tool known as ‘AhMyth’.
Google has now removed this and Apple devices are unaffected, but iRecorder can still be downloaded from alternative Android markets
But ESET claims that AhMyth was previously employed by the Transparent Tribe – a cyber-espionage group targeting governments and military groups in South Asia.
To remove these malicious features from a device, users just need to uninstall the app.
Google also offers a built-in security feature called Play Protect that can scan your apps for malware in the future.
This malware also comes just weeks after security firm Kaspersky found 11 other apps on Google Play that contain a new type of malware known as Fleckpe.
This largely included photo and video editing apps, including ‘Photo Effect Editor’ and ‘Beauty Slimming Photo Editor’.
At the time, Google said it “takes security and privacy claims against apps seriously” and removed these apps.
Despite the malware risks, ESET urges phone users to continue updating their phones as the benefits outweigh these risks.
Mr Moore added: ‘Hopefully this shouldn’t deter people from updating as more damage can usually be done by not installing timely app and device updates.’
MailOnline has approached Google for further comment.