Don’t let your phone get infected with the AhRat malware — delete this screen recorder app now

smartphone malware
(Image credit: Shutterstock)

Even the best Android apps can go rogue. Especially when injected with malicious code by hackers, which is exactly what happened with a popular screen recorder app on the Google Play Store.

According to a new report from the cybersecurity firm ESET, the app iRecorder - Screen Recorder which has been installed over 50,000 times, recently began serving up a remote access trojan (RAT) to unsuspecting users.

What makes this news particularly interesting is that the app itself was uploaded to the Play Store without any malicious functionality back in 2021. However, with the release of version 1.3.8 of iRecorder - Screen Recorder in August 2022, the app began infecting the best Android phones with malware.

Although the app has since been removed from the Play Store after ESET reported it to Google, you will still need to manually delete it from your smartphone if you have it installed.

Also, if you're interested in recording your Android smartphone's screen, here's how to do it using the built-in app that's already installed on your phone. This way, you can avoid shady apps like iRecorder - Screen Recorder altogether.

Recording audio and stealing files

Newer versions of the iRecorder - Screen Recorder app contains a customized version of the open-source AhMyth Android Rat which ESET is now referring to as AhRat.

If installed on a user’s smartphone, this malware can record audio and then upload it to a command and control (C&C) server controlled by the hackers behind this campaign. However, it can also steal all sorts of files from a compromised device from photos and videos to documents and even saved web pages.

As ESET notes in its report, the malicious behavior exhibited by iRecorder - Screen Recorder suggests that the now malicious app is part of an espionage campaign. However, its researchers weren’t able to attribute the app to any particular group of cybercriminals or hackers.

How to stay safe when good apps go bad

A hand holding a phone securely logging in

(Image credit: Google)

Although the possibility of good apps going bad is a scary idea to wrap your head around, Google has already implemented preventive measures against these types of malicious actions in Android.

In Android 11 and up, the search giant’s mobile operating system contains a feature called App hibernation that places apps which have been dormant for several months into a state of hibernation. This resets all of the permissions they’ve been granted and prevents them from being used maliciously.

If you’re still worried though, you should consider installing one of the best Android antivirus apps as they constantly scan your smartphone for malware and other viruses. Google Play Protect does this as well and it comes pre-installed on every Android phone if you’re on a tight budget. However, many Android antivirus apps provide other security features too like a VPN or even a password manager.

iRecorder - Screen Recorder is the only app ESET has observed so far spreading the AhRat malware but there could be others in the future. This is why you always want to ensure your Android smartphone is up to date and running the latest version.

More from Tom's Guide

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.