A new bit of Android malware has popped onto security experts’ radar, and this particular trojan can record your phone calls.
Security researchers at CA Technologies have posted their findings about the new trojan.
In a blog post, mobile malware specialist Dinesh Venkatesan wrote that the Android package can record phone calls the victim makes as .amr files; the .amr files are then stored to the mobile device’s SD card.
“Once the malware is installed in the victim device, it drops a ‘configuration’ file that contains key information about the remote server,” Venkatesan wrote on the CA blog, indicating that the recorded calls would be uploaded to a server for later access by the hackers behind the malware.
Venkatesan noted that the trojan displays “many other malicious activities that we have seen in many of the earlier malware incidents targeted for Android platform.”
A Google spokesperson pointed out to VentureBeat that this app, like many other Android-targeted malware, is not downloadable from the Android Market; users must seek out off-Market apps and accept permissions for access to outgoing phone calls for the trojan to work as intended.
“In this case, there are very high chances that this malware can be easily noticed by the user because of the fancy features it has (like the call recording feature which is a performance intensive operation relatively),” a CA rep told VentureBeat.
Android malware has become something of a theme over the past year. One particularly nasty trojan popped up in December 2010. It lived in off-Market apps and sought users’ permission to access huge lists of data types, then stored that data to remote servers.
The following month, researchers proved that another Android trojan could “hear” spoken or typed credit card numbers. Then, in March, the DroidDream malware surfaced as a zombie agent, allowing infected phones to surreptitiously download other malicious apps.
However, while these threats make headlines, they’re not actually too common in the wild, in part because Google has been fairly diligent about removing security threats from the Android Market. In March, it pulled dozens of apps out of the Market, and it removed 10 Angry Birds-targeted apps in June 2011.
For consumers, the best advice we can give is to exercise common sense when downloading and installing applications — especially when accessing apps that are not found in the Android Market. Always read the “permission slip” each app download triggers; it will show you the kinds of data the app will be accessing and might raise some red flags.
As Venkatesan concluded, “As it is already widely acknowledged that this year is the year of mobile malware, we advise smartphone users to be more logical and exercise basic security principles while surfing and installing any applications.”
“No security software can protect the users 100 percent from all the unknown malware,” said the CA spokesperson. “The users must exercise a logical sense while permitting some unknown application to have certain permissions. For example, an application that claims it’s a game has no need to have the permission to record your voice calls.”