(NEXSTAR) – A screen recording app available in the Google Play store was installed more than 50,000 times, operating normally for months before starting to track users, researchers said.
According to Lukas Stefanko, malware researcher at cybersecurity company ESET, the iRecorder – Screen Recorder app, was first uploaded to the Google Play store on September 19, 2021.
Stefanko said that the app does not have harmful features until a later update changes the code, possibly in August 2022. After that date, the malicious code allows bad actors to create secret audio recordings and secretly transfers saved images, videos, web pages, and other files off the device, according to ESET.
Anyone who downloaded the app before August 2022 could still be exposed if they update the app manually or automatically. It remains unclear whether a developer or another actor was responsible for the update that turned the app into a Trojan horse.
“The app’s specific malicious behavior – stealing microphone recordings and stealing files with specific extensions – tends to suggest that it was part of an espionage campaign,” Stefanko wrote. “However, we cannot attribute this application to any specific malicious group.”
While it’s not uncommon for an app to have harmful features, Stefanko writes that it’s rare for an app to operate legitimately for months before targeting Android owners’ private data.
The app is no longer available on the Google Play store, TechCrunch reports, but if you already have the app on your phone, you should uninstall it and delete its files.
A Google spokesperson provided the following statement to Nexstar:
“When we discover apps that violate our policies, we take appropriate action. Devices running Android 11 or later have protections that limit app access to the device’s location, camera, or microphone. Google Play Protect also protects users from apps known to contain this malware on Android devices with Google Play Services, even if those apps come from other sources.”
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.