Cybersecurity experts have warned that a popular Android app is secretly spying on users as part of a potential espionage campaign.
Phone owners have been urged to delete a malicious app known as iRecorder after it was found to subtly steal files, web information and even pictures.
The unsuspecting screen-recorder even makes use of a phone’s microphone every 15 minutes, taking a snippet of audio for unknown purposes.
This malware, discovered by ESET, did not come as part of the app when it launched in 2021.
Instead, attackers took a more unusual approach, with harmful features cropping up nearly a year later, in what may have been disguised as a typical update.
iRecorder secretly steals pictures, files and web information on Android devices (file image)
‘Interestingly here is that the app passed initial tests to get on the Google Play store but it was the update that carried the malicious activity,’ Jake Moore, Global Cybersecurity Advisor at ESET said.
‘Although the app is now removed from the Google Play store, it is advised to remove it from your phone if you installed it whilst it was still live.
‘By deleting the app, the phone will remain safe from prying eyes and ears.’
ESET believes the app has been downloaded by more than 50,000 people since its launch three years ago on Google Play.
Google has now removed this and Apple devices are unaffected, but it is still available to download from alternative Android markets.
Before using, phone holders are asked to give iRecorder permission to record audio and ‘access photos, media and files’.
But ESET claims there are no other special permission requests that may hint to its harmful intentions.
It is currently uncertain whether a specific group is behind this malware which uses a powerful open-source tool known as ‘AhMyth’.
Google has now removed this and Apple devices are unaffected, but iRecorder is still available to download from alternative Android markets
But ESET claims that AhMyth was previously employed by the Transparent Tribe – a cyberespionage group that targets governments and military groups in South Asia.
To remove these harmful features from a device, all users need to do is simply delete the app.
Google also offers a built-in security feature called Play Protect that can scan your apps for malware in future.
This malware also comes just weeks after the security firm Kaspersky found 11 other apps on Google Play that hold a new type of malware known as Fleckpe.
This largely included photo and video editing apps including ‘Photo Effect Editor’ and ‘Beauty Slimming Photo Editor’.
At the time, Google said that it takes ‘security and privacy claims against apps seriously’ and deleted these apps.
Yet, in the face of malware risks, ESET urges phone users to continue updating their phones as the benefits outweigh these risks.
Mr Moore added: ‘This should hopefully not put people off updating as more damage can usually be done by not installing timely app and device updates.’
A Google spokesman told MailOnline: ‘When we find apps that violate our policies, we take appropriate action. Devices running Android 11 and above have protections that limit app access to device location, camera, or microphone.
‘Google Play Protect also protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources.’
