(NEXSTAR) – A screen recording app available on the Google Play store that was installed more than 50,000 times functioned normally for months before it started spying on users, researchers said.
The app, iRecorder – Screen Recorder, was first uploaded to the Google Play store on September 19, 2021, according to Lukas Stefankoa malware researcher with cybersecurity firm ESET.
Stefanko said the app had no harmful features until a later update changed the code, likely in August 2022. After that date, the malicious code allowed bad actors to make secret audio recordings and secretly transfer photos, videos, saved web pages, and other files off devices, according to ESET.
Anyone who downloaded the app before August 2022, may still be exposed if they updated the app manually or automatically. It is not yet clear whether the developer or another actor is responsible for the update that converted the app into a Trojan horse.
“The app’s particularly malicious behavior – exfiltrating microphone recordings and stealing files with specific extensions – is likely to suggest that it is part of an espionage campaign,” Stefanko wrote. “However, we have not been able to link the app to any specific malicious group.”
While it’s not unusual for an app to have malicious features, Stefanko writes that it’s rare for an app to operate legitimately for months before targeting Android owners’ private data.
The app is no longer available on the Google Play store, TechCrunch reports, but if you already have it on your phone you should uninstall it and clear app files.
Nexstar reached out to Google for comment on the app but did not receive a response as of the time of publishing.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
