This legit Android app turned into audio-snooping malware – and Google missed it

Google Play has been caught with its cybersecurity pants down yet again after a once-legit Android screen-and-audio recorder app was updated to include malicious code.

Potentially tens of thousands of people downloaded the software before ESET researchers found the hidden malware and alerted Google, which pulled the app from its online store.

The application in question, iRecorder – Screen Recorder, was first published in 2021. It spent nearly a year in Google Play without a hint of nefarious behavior before an August 2022 update, we're told, added a secret remote-control backdoor.

The backdoor code was based on AhMyth, a piece of GitHub-hosted "not for malicious use" spyware that's been found in Play Store apps before.

The implementation of AhMyth in the updated Android app has been dubbed AhRat by ESET. We're told the software nasty recorded snippets of audio from an infected device's microphone. AhRat can also ...