Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Android Trojan records phone calls

A new Android Trojan is capable of recording phone conversations, according to a CA security researcher.

While a previous Trojan found by CA logged the details of incoming and outgoing phone calls and the call duration, the malware identified this week records the actual phone conversations in AMR format and stores the recordings on the device's SD card.

The malware also "drops a 'configuration' file that contains key information about the remote server and the parameters," CA security researcher Dinesh Venkatesan writes in a blog, perhaps suggesting that the recorded calls can be uploaded to a server maintained by an attacker.

TARGET: Malware writers gunning for Google Android

Venkatesan tested the Trojan in "a controlled environment with two mobile emulators running along with simulated Internet services," and posted screenshots with the results. It appears the Trojan can only be installed if the Android device owner clicks the "install" button on a message that looks strikingly similar to the installation screens of legitimate applications.

After the malware and the remote server configuration file are installed on the Android device, making a phone call "triggers the payload" -- in other words, recording the call and storing it on the SD card.

"As it is already widely acknowledged that this year is the year of mobile malware, we advice the smartphone users to be more logical and exercise the basic security principles while surfing and installing any applications," Venkatesan writes.

While Android provides more flexibility than the iPhone by allowing installation of third-party applications, even those that were not approved for the Android Market, this freedom seems to come with increased security risk. Malware-infected applications have also been found in the Android Market itself, but users can protect themselves by installing antivirus software, just as they would on a PC.

Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin

Read more about wide area network in Network World's Wide Area Network section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: CA Technologies, Google, LAN
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Android, anti-malware, consumer electronics, cybercrime, Google, legal, malware, mobile security, networking, security, smartphones, software, wireless
Latest Blog Posts
Whitepapers
  • Prepare Your Enterprise for the Mobile Revolution: Boost the Bottom Line with Mobile UC
    This white paper will highlight the changes in the mobile workplace; outline the benefits of unified communications (UC) and Fixed-Mobile Convergence (FMC) for mobile workers; identify the key market trends and business challenges IT managers must pay attention to now and into the future; and offer best practices for choosing a solution that will deliver clear ROI.
    Learn more »
  • Top Reasons to Implement an SOA Governance Strategy: A List for IT Executives
    Service-oriented architecture (SOA) has moved beyond hype to widespread acceptance as an IT strategy for delivering business value. SOA promotes the notion of modularity, providing overwhelming flexibility and superior economics for addressing business demands. However, undertaking the transformation to SOA is not without its challenges. If left unchecked, your inventory of SOA assets will become unmanageable; the reuse of services will diminish in favor of custom development; or even worse, modifications will be made to your existing services that break other business processes. The purpose of SOA governance is to help you ensure that this does not happen. This paper outlines the most compelling reasons for you to establish SOA governance within your organization.
    Learn more »
  • Optimizing Data Quality in the Enterprise - How to Tackle Your Bad Information
    Data quality – the measure of data accuracy, completeness, and consistency across a business – has become the core focus of information management efforts among many of today’s organizations. Problems with data quality continue to plague corporations of all types and sizes. In this paper, we will discuss some techniques companies can implement to enhance data quality across the entire enterprise. We will also highlight data quality management solutions, which provide businesses with the ability to effectively and economically enhance the correctness, completeness, and consistency of information in each and every system within their technology infrastructure.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments