Research by ESET found that the Android app, “iRecorder — Screen Recorder,” introduced the malicious code as an app update almost a year after it was first listed on Google Play.