The fact that the app remained undetected for more than nine months adds to the concern, as users had no way of knowing that threat actors were recording their voices every 15 minutes. Furthermore, researchers speculate that the app was possibly part of an active espionage campaign; however, this claim remains speculative in the absence of additional evidence. It is rare for a developer to upload a legitimate app, wait almost a year, and then update it with malicious code,” said ESET security researcher Luká tefanko.