A screen-recording app turned into a bug, recording the user’s voice and uploading it to the server every 15 minutes – IT HOME

IT Home News on May 25th, Google and Apple’s app stores often have some fraudulent apps, some will charge high subscription fees, and some will use fake reviews to improve their ranking on the platform. A blog post by Lukas Stefanko, a researcher at cybersecurity firm Essential Security against Evolving Threats (ESET), reveals a more thorny issue:Some apps start behaving maliciously some time after the user has downloaded them, taking advantage of the permissions the user initially granted them to collect sensitive user information and send it to the developer for nefarious activities.

IT Home noticed that the article introduced a program called iRecorder Screen RecorderandroidAfter the screen recording software was launched in September 2021, the malicious code was updated in August of the following year.Start recording the user’s voice for one minute every 15 minutes, and send it to the developer’s server through an encrypted linkthe software had 50,000 downloads before being reported and taken off the shelves.

Lukas Stefanko revealed in a blog post that the software uses the open source AhMyth android RAT (Remote Access Trojan) code that can remotely control a user’s phone. Stefanko also said that this isn’t the first time an app has used AhMyth to bypass Google’s filtering mechanisms.

To protect users’ privacy and security, Google is working on new features, such as monthly notifications to users of which apps have changed how their data is shared, but only if Google catches up in time.

At present, this software has disappeared from the Google Play application store, but it is not clear whether there are other similar “lurkers” existing in users’ mobile phones.