Android users: Delete this app; it’s been secretly recording its users

Ever feel like you’re being watched… or listened to? If you’re using an Android device, prepare for a not-so-fun surprise.

ESET researchers at WeLiveSecurity have uncovered an Android app secretly recording users’ lives. This app is harboring AhRat, a sneaky Remote Access Trojan (RAT) built off of the open-source malware platform AhMyth.

The culprit? “iRecorder – Screen Recorder.” It launched in 2021 and racked up over 55,000 installs from the Google Play Store. Yikes.

This once-legitimate screen-recording app has taken a dark turn within just a year and now specializes in stealing files with specific extensions as well as eavesdropping on your microphone recordings.

That’s right, folks – this app is all up in our personal space, poking its nose into matters that don’t concern it.

“Initially, the iRecorder app did not have any harmful features. What is quite uncommon is that the application received an update containing malicious code quite a few months after its launch.“

ESET Download | Internet Security with antivirus

4.0

Discover ESET's free home internet security package, perfect for those who value their online activities. Experience top-notch protection against cyber threats and safeguard your digital world without breaking the bank. Give it a try today!

Try it for FREE for 30 Days Get it for 30% Off

KnowTechie is supported by its audience, so if you buy something through our links, we may get a small share of the sale.

AhRat seems to be particularly focused on certain victims, hinting at an espionage angle. But even if you’re not part of any high-stakes political dealings, who wants their favorite late-night shower tunes exposed to the world?

Here’s the real issue: Open-source malware platforms are fertile ground for variations like AhRat, leaving everyday Android users vulnerable to snooping digital thieves.

Keep calm and remember the basics: Stick to verified app stores, religiously update your security patches, and resist those urge clicks on dodgy downloads. Be safe, be smart, and stay one step ahead of this digital peeper.

As for the iRecorder app itself, Google removed it from the Play Store after ESET’s report. As a sigh of relief, ESET says they have not detected any other AhRat instances anywhere else in the wild.

For the full rundown, head on over to ESET’s blog, WeLiveSecurity for the full report. What I covered here is just the tip of the iceberg.

ESET Download | Internet Security with antivirus

4.0

Try it for FREE for 30 Days Get it for 30% Off

KnowTechie is supported by its audience, so if you buy something through our links, we may get a small share of the sale.

Have any thoughts on this? Drop us a line below in the comments, or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

• Millions of Android TVs & phones could be preinstalled with malware
• Android users, malware riddled apps are flooding the Play Store
• Android may finally split ringtone volume and notifications sliders
• These Android apps are riddled with malware – delete them

Kevin Raposo

Kevin is KnowTechie's founder and executive editor. With over 15 years of blogging experience in the tech industry, Kevin has transformed what was once a passion project into a full-blown tech news publication. Shoot him an email at kevin@knowtechie.com or find him on Mastodon or Post.