Connect with us


Android users: Delete this app; it’s been secretly recording its users

This Android recorder app has been secretly recording its users for over a year.

Android phone on table
Image: Pexels

Ever feel like you’re being watched… or listened to? If you’re using an Android device, prepare for a not-so-fun surprise.

ESET researchers at WeLiveSecurity have uncovered an Android app secretly recording users’ lives. This app is harboring AhRat, a sneaky Remote Access Trojan (RAT) built off of the open-source malware platform AhMyth.

The culprit? “iRecorder – Screen Recorder.” It launched in 2021 and racked up over 55,000 installs from the Google Play Store. Yikes.

This once-legitimate screen-recording app has taken a dark turn within just a year and now specializes in stealing files with specific extensions as well as eavesdropping on your microphone recordings.

This image is showing a prompt for a user to grant permissions to an app called iRecorder to access audio, photos, media, and files on their device. Full Text: 09:58 @ D 46 1 0 18:04 M 6 18:04 M < Google Play 0 iRecorder iRecorder iRecorder - Screen Recorder DI Coffeeholic Dev INSTALL Contains ads 4.2 * 50K+ 259 reviews Downloads PEGI 3 Allow iRecorder to record Allow iRecorder to access .... audio? photos, media, and files on your device? Allow Allov - Deny Deny - IRecorder need these permissions to be able do the following IRecorder need these permissions to be able do the following Capture Screen - Simple Edit Crop Photo & Video - Add Music GRANT PERMISSION GRANT PERMISSION READ MORE Ratings and reviews 5 Video Videa

That’s right, folks – this app is all up in our personal space, poking its nose into matters that don’t concern it.

Initially, the iRecorder app did not have any harmful features. What is quite uncommon is that the application received an update containing malicious code quite a few months after its launch.

AhRat seems to be particularly focused on certain victims, hinting at an espionage angle. But even if you’re not part of any high-stakes political dealings, who wants their favorite late-night shower tunes exposed to the world?

Here’s the real issue: Open-source malware platforms are fertile ground for variations like AhRat, leaving everyday Android users vulnerable to snooping digital thieves.

new apps google play app store
Image: KnowTechie

Keep calm and remember the basics: Stick to verified app stores, religiously update your security patches, and resist those urge clicks on dodgy downloads. Be safe, be smart, and stay one step ahead of this digital peeper.

As for the iRecorder app itself, Google removed it from the Play Store after ESET’s report. As a sigh of relief, ESET says they have not detected any other AhRat instances anywhere else in the wild.

For the full rundown, head on over to ESET’s blog, WeLiveSecurity for the full report. What I covered here is just the tip of the iceberg.

Have any thoughts on this? Drop us a line below in the comments, or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Kevin is KnowTechie's founder and executive editor. With over 15 years of blogging experience in the tech industry, Kevin has transformed what was once a passion project into a full-blown tech news publication. Shoot him an email at or find him on Mastodon or Post.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Android