Conversation-spying Android Trojan in the wild

Android malware has so far been spotted doing things like sending text messages or making calls to premium service numbers, sending out information about the device and enslaving mobile phones into botnets – in short, things geared towards making easy money.

But a recently detected Android Trojan is also capable to record users’ conversation, and that can be misused for inflicting a different type of damage.

According to CA researcher Dinesh Venkatesan, this particular Trojan records conversations in AMR format, as allowed by the permissions the user has approved:

“Once the malware is installed in the victim device, it drops a ‘configuration’ file that contains key information about the remote server and the parameters,” explains the researcher. “As the converstation goes on, the Trojan stores the recorded call in a directory shangzhou/callrecord in the SDCard.” And now, the file is ready to be transmitted to the remote server.

When it comes to mobile malware, the best defense for the user is a critical mind that will ask questions like “Why does this application need to have permission to do X, and how can this permission be misused?”

If you want to download a game, but the permission list contains things like “record audio” or “intercept outgoing calls”, it is safe to say that the developer has motives other than earning a buck from the sale of the game (or additions to it).