CA security finds Android Trojan which records phone calls

A new Android Trojan is capable of recording phone conversations, according to a CA security researcher. The trojan is triggered when the Android device places or receives a phone call. It saves the audio file and related information to the phone's microSD card, and includes a configuration file with information on a remote server and settings used by the trojan.

The malware also "drops a 'configuration' file that contains key information about the remote server and the parameters," CA security researcher Dinesh Venkatesan writes in a blog, perhaps suggesting that the recorded calls can be uploaded to a server maintained by an attacker.

According to the post, the trojan presents itself as an "Android System Message" that requires users to press an "Install" button for it to insert itself in the phone. Once installed, the trojan records all incoming and outgoing calls to a directory on the microSD card as .amr files, as well as information about the call, including its duration, in a text file.

Venkatesan tested the Trojan in "a controlled environment with two mobile emulators running along with simulated Internet services," and posted screenshots with the results. It appears the Trojan can only be installed if the Android device owner clicks the "install" button on a message that looks strikingly similar to the installation screens of legitimate applications.
"As it is already widely acknowledged that this year is the year of mobile malware, we advice the smartphone users to be more logical and exercise the basic security principles while surfing and installing any applications," Venkatesan writes.

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.