Tom’s Guide
Roland Moore-Colyer

This Android app with over 50,000 installs steals your files and microphone recordings — what to do


An Android app downloaded onto more than 50,000 devices has been found to be harboring data-stealing malware.

Security researchers at ESET discovered that the iRecorder – Screen Recorder app available on Google Play had malicious functionality that let it extract data from a user’s Android device. This data could include microphone recordings and files with specific extensions. 

That latter part is noteworthy — according to ESET’s WeLiveSecurity blog, it could be an indication that the trojanized app was being used as part of an espionage campaign.

When the app was first uploaded on the Play Store in September 2021, it didn’t appear to have any malware or trojans lurking beneath its digital skin; this is likely why it managed to bypass Google’s app store security measures. But ESET said it appeared to become trojanized via an update a few months later, and from there the app was able to carry out its malicious behavior using the AhMyth-based malware that ESET named AhRat.

“It appears that malicious functionality was later implemented, most likely in version 1.3.8, which was made available in August 2022,” wrote ESET malware analyst Lukas Stefanko. 

While tens of thousands of Android devices have been infected by AhRat, it's not been detected by ESET anywhere else. So you can breathe a sigh of relief that this isn't likely to be massively widespread malware. 

Avoid the iRecorder – Screen Recorder app  

The iRecorder – Screen Recorder app has been pulled from the Play Store by Google, so it isn’t set to cause any more problems on that platform.

But the app could still be available on unofficial Android app stores and markets. If you happen to frequent such places, you’ll want to avoid the iRecorder – Screen Recorder app. 

If you’ve been using the app, we suggest you immediately remove it from your phone. (Here's a refresher on how to delete apps on Android.) As for any exfiltrated data, we’re afraid that there’s not much that can be done now as that data has likely been extracted to a remote server. For a bit of security hygiene, it might be best to reset your passwords and double-check app permissions. 

And do make sure to have one of the best Android antivirus apps on your Android devices to help keep malware at bay. 
