Google Removes Android Screen Recording App Found Spying on Users With Remote Access Trojan

The iRecorder app is capable of recording and sharing audio with the attacker and exfiltrating files with extensions for images, audio, and video.

Advertisement
Written by David Delima, Edited by Siddharth Suvarna | Updated: 25 May 2023 11:41 IST
Highlights
  • Google has removed the iRecorder screen recording app from the Play Store
  • ESET researchers have dubbed the newly discovered trojan AhRat
  • Users will have to manually remove the infected app from their devices
Google Removes Android Screen Recording App Found Spying on Users With Remote Access Trojan

AhRat is a customization of the open-source AhMyth remote access trojan (RAT)

Photo Credit: Pexels/ Sora Shizamaki

Google recently removed a trojan-infected Android app, that was installed on over 50,000 devices, from the Play Store. According to the security firm that detected the trojan, the app was first uploaded by the developer in 2021 and then infected with malicious code a year later. The app was also capable of extracting and uploading users' files by detecting extensions for audio, video, and web pages. While the app has been removed from the Play Store, users who downloaded it will have to manually remove the app from their devices.

According to a report published by ESET researchers, the iRecorder app was uploaded to the Play Store for the first time in September 2019, without any malicious functionality. Nearly a year later, the app was infected with the open-source AhMyth Android RAT (remote access trojan) in a variant that the researchers dubbed AhRat. Users who updated the app, or downloaded it for the first time since August 2022 would have the infected app on their device.

The iRecorder app had over 50,000 downloads on the Google Play store
Photo Credit: Screenshot/ ESET

 

While the initial version of the app did not have any malicious functionality, ESET states that it was later updated with code that allowed it to engage in malicious behaviour, including recording ambient sound and audio by utilising the phone's mic. These recordings could then be uploaded to the attacker's command-and-control (C&C) server. The app was also capable of extracting files with specific extensions, such as video, audio, images, web pages, documents, and compressed files.

Advertisement

ESET's researchers explain that the AhMyth RAT is a very powerful tool that can exfiltrate text messages, call logs, and contacts on a user's phone while recording audio, capturing images, tracking the device's location, and generating a list of all the files on the smartphone. 

Advertisement

The app's behaviour suggests that the AhRat trojan could be used as part of an espionage campaign, according to the researchers, who were unable to attribute it to any advanced persistent threat (APT) group. Meanwhile, ESET says that the original open-source AhMyth RAT was previously used by cyberespionage group APT36 — commonly known as Transparent Tribe — to target government and military organisations in South Asia. 

After ESET flagged the malicious code in the iRecorder app to Google, the app was removed from the Google Play store. The app has already been downloaded 50,000 times, according to the listing at the time of its removal. Users who installed or updated the application after it was infected will have to manually uninstall it in order to remove the infected app from their smartphones.

Advertisement

Google I/O 2023 saw the search giant repeatedly tell us that it cares about AI, alongside the launch of its first foldable phone and Pixel-branded tablet. This year, the company is going to supercharge its apps, services, and Android operating system with AI technology. We discuss this and more on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Malware, Android Malware, Trojans, RAT
Vivo S17, Vivo S17 Pro Launch Date Set for May 31, Design Teased Ahead of Launch: Report
Facebook Parent Meta Starts Final Round of Layoffs as Part of Plan to Cut 10,000 Roles
Advertisement

Related Stories

Tech News in Hindi »

More Technology News in Hindi »
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Xiaomi 15s Pro Design, Camera Details Teased Ahead of Launch Today
  2. Vi Rolls Out 'Nonstop Hero' Plan With Truly Unlimited Data and Calls
  3. Infinix GT 30 Pro 5G With MediaTek Dimensity 8350 Ultimate SoC Launched
  4. Sam Altman Reportedly Drops Clues About 'Secret' AI Device With Jony Ive
  5. Honor 400 Series Confirmed to Get Six Years of Android Updates
#Latest Stories
  1. Vodafone Idea (Vi) Rolls Out ‘Nonstop Hero’ Plan With Truly Unlimited Data, Calls in Kolkata and Other Circles
  2. OpenAI’s Sam Altman Reportedly Hints at New AI Device Being Developed With Jony Ive
  3. Vodafone Idea Updates Family Postpaid Plans to Let Users Add Up to 8 Additional Members
  4. Amazon Begins Testing AI-Powered Audio Product Summaries Feature on Its Platform
  5. Mistral Releases Devstral, an Open-Source Agentic Coding AI Model That Outperforms GPT-4.1 Mini
  6. Sony to Fully Shut Down PlayStation Stars Loyalty Program Next Year
  7. Samsung Galaxy Z Flip 7 to Arrive With Samsung’s First 3nm Chip After Skipping the Galaxy S25 Series: Report
  8. DoT to Share Financial Fraud Risk Indicator Data With Banks, UPI Service Providers and Financial Institutions
  9. Computex 2025: Five Takeaways From Asia’s Biggest AI Tech Show
  10. Infinix Xpad GT With Snapdragon 888 SoC, 10,000mAh Battery Launched: Price, Specifications
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.