A cybersecurity company is accusing a popular Android app that has tens of thousands of downloads on Google Play of secretly spying on its users, including by stealing microphone recordings and other documents from the user’s phone, TechCrunch reports.
ESET’s research found that the Android app “iRecorder – Screen Recorder” introduced the malicious code as an app update almost a year after it was first listed on Google Play. According to ESET, the code allowed the app to invisibly upload one minute of ambient audio from the device’s microphone every 15 minutes, as well as extract documents, web pages and media files from the user’s phone.
Google Play has removed the app from its list. It’s a good idea to delete the app if it was installed on your device. The malicious app has accumulated more than 50,000 downloads.
ESET is calling the malicious code AhRat, a customized version of an open-source remote access trojan called AhMyth. Remote access trojans (or RATs) take advantage of broad access to a victim’s device and can often include remote control, but also function similarly to spyware and stalkerware.
In fact, AhMyth isn’t sneaking onto Google Play for the first time. Both Google and Apple check apps for malware before listing them for download. Last year, Google said it prevented more than 1.4 million privacy-violating apps from accessing Google Play.