Android malware can record and upload phone conversations
With the focus lately being on the security holes within iOS, media attention on flaws within Android has subsided. That ended Monday as security firm CA revealed a new Trojan, aimed at the mobile OS, that records the details of incoming and outgoing calls as well as the actual audio itself.
There are already Android Trojans in the wild that have the capability to store call information. This Trojan in particular however stores the audio of the phone call in .amr format on the SD card within the device. Worse yet, it appears to store a configuration file in the phone's memory, complete with remote server details.
Such a file suggests that recorded conversations may possibly be sent to a remote server, obviously presenting a security issue should the contents of any phone conversations contain sensitive information.
The Trojan hides itself in a what looks to be a legitimate app, and presents an Install screen much like legitimate applications do. If installed, the payload is activated and the Trojan begins recording calls.
CA researcher Dinesh Venkatesan wrote in a blog post that the malign application contains "many other malicious activities that we have seen in many of the earlier malware incidents targeted for Android platform," suggesting conversation recording may not be the only issue.
It is not known whether this means that the remote server connection could be used to update configuration files without the user's knowledge, thus allowing the application to perform a range of other tasks.
Earlier this year, Android malware known as "DroidDream" was already doing something similar on infected phones. There, the malware operated overnight as to avoid detection, and could call back to a remote server to ask for further instructions.
At least 50 apps were thought to have been infected with DroidDream, and may have been installed a combined 200,000 times across Android devices worldwide.
CA recommends that users be careful when installing any apps. "As it is already widely acknowledged that this year is the year of mobile malware, we advise smartphone users to be more logical and exercise the basic security principles while surfing and installing any applications," Venkatesan said.