In An Unprecedented Incident, A Malicious Malware Has Been Detected In The Google Play Store, Which Has Abused Users For More Than A Year.
The Apple and Google Play app stores are known for several security features. All these features protect users from malicious programs and safeguard their data from being accessed by the wrong people. But despite all these security features, there is always a risk.
For example, a popular iRecorder Screen Recorder program has been caught doing malicious work. This app first appeared on the Google Play Store in 2021, and since then, it has been an option for many people who want to record screen content. But from 2022 onwards, this app has been spying on users and collecting their data.
Previous versions of this program did not contain any malware and were valuable tools that allowed you to record the screen. But just one year after its release, the app was updated on the Google Play Store, and according to ESET’s review report, this update was accompanied by malware.
Want to know what the malware did to this app? According to the ESET review, this software secretly recorded audio and sent the recorded files to a remote server. The spy tool the developers used for this was a code from AhMyth. It is an open-source remote access Trojan ( RAT). Also, iRecroder Screen Recorder is not the first program to use it.
There have been many other apps with the same spy tool, and strangely enough, they all have bypassed Google Play Store’s security features undetected. However, unlike other malware-infested programs, iRecorder Screen Recorder uses a very sneaky trick.
Finally, this app requires several additional permissions to do screen recording. In other words, this program obtains the consent that the malware needs to do all its malicious work directly from the user. Considering that it is categorized as a screen recording app, no one, including the Google Play Store or users, has paid any attention to it.
Quick response from Google
After seeing the problem, Google quickly removed iRecorder Screen Recorder from Google Play. However, if you have already installed this program, you should remove it immediately. Additionally, you need to delete the program files.
However, this analysis is a prime example of the vulnerability of the Google Play Store. Any program can work typically and suddenly become malicious. And when it does, it can remain hidden in practice for months without anyone discovering it.
Researchers believe that these programs do not have reasonable goals from the beginning. They usually act and create a suitable user base for themselves. And when they get enough users, developers inject them with malware and start collecting user data. However, researchers note that there is no evidence to support this theory.
ESET also indicates that this program may be part of an active spyware campaign. This means other tools in the Google Play Store may look ordinary but contain malware. Therefore, it is better to check now what apps are installed on your Android mobile phone.
It has been said that it is true that Google Play Store’s preventative measures against these apps are ineffective. But the good news is that Google is currently testing new ways to stop these apps, and with Android 14, these experimental features may see their final version.
There is no guarantee that the new methods will help the Google Play Store prevent this malware. But it’s still a vital sign that Google is serious about keeping apps safe.