- Mar 13, 2022
ESET malware researchers found a new remote access trojan (RAT) on the Google Play Store, hidden in an Android screen recording app with tens of thousands of installs.
While first added to the store in September 2021, the 'iRecorder - Screen Recorder' app was likely trojanized via a malicious update released almost a year later, in August 2022.
The app's name made it easier to ask permission to record audio and access files on the infected devices since the request matched the expected capabilities of a screen recording tool.
Before its removal, the app amassed over 50,000 installations on the Google Play Store, exposing users to malware infections.
"Following our notification regarding iRecorder's malicious behavior, the Google Play security team removed it from the store," ESET malware researcher Lukas Stefanko said.
"However, it is important to note that the app can also be found on alternative and unofficial Android markets. The iRecorder developer also provides other applications on Google Play, but they don't contain malicious code."
ESET malware researchers have discovered a new remote access trojan (RAT) on the Google Play Store, bundled with an Android screen recording app with 50,000 installs.