Google removes an Android screen recording app that was discovered using a remote access Trojan to spy on users.

A malicious Android software that had been downloaded onto more than 50,000 devices was recently withdrawn from the Play Store by Google. The programme was first released by the developer in 2021, and a year later it was infested with malicious code, said the security company that found the trojan. The programme could extract and upload users’ media by looking for audio, video, and web page extensions. Users who downloaded the app must manually uninstall it from their devices even though the Play Store has withdrawn it.

Researchers from ESET claim that the iRecorder app was first submitted to the Play Store in September 2019 and that it did not contain any malicious functionality. Nearly a year later, a variation of the open-source AhMyth Android RAT (remote access trojan) known as AhRat was found inside the app. Users would have the infected software on their smartphone if they upgraded the app or downloaded it for the first time after August 2022.

Although the app’s first release did not have any malicious functionality, ESET claims that a later update added code that enabled it to act maliciously, including recording background sounds and sound by using the phone’s microphone. The attacker might then upload these videos to their command-and-control (C&C) server. The software could also extract files with certain extensions, including compressed files, web pages, documents, music, video, and image files.