Android trojan records, uploads phone calls

Android trojan records, uploads phone calls
CA Security Advisory details Android call snooping trojan.

There has been a lot of attention focused lately on the growth of malware in circulation for the popular Android smartphone operating system. Some past discoveries include applications that leak private information on Internet and other use, record text messages and information on calls made and received which can be uploaded to a remove server.



This new Trojan takes things a step further by actually recording phone calls to local storage in the AMR format before uploading them to a server specific by the attacker.

The Trojan dubs itself the "Android System Messenger" and asks for permission upon installation to be allowed to incept outgoing calls. This should act as a warning for users, but the truth is most users see these messages all too often and end up just ignoring them. The same problem is seen with User Account Control prompts on Windows, where users allow a program to execute even if they have no idea what it is.

When installed, the malware drops a configuration file to the device which will include information on the remote server to upload the files. When a call is made, the conversation is recorded to a .amr file located in a directory "shangzhou/callrecord". The directory hints at a Chinese origin for the malware.

The amount of malware targeting Android has exploded in the past year, due to the large use of "unauthorized" App markets, though the number of dodgy applications even found in Google's market has increased dramatically. Android's wide usage globally also gives every incentive for malware peddlers to target it.

Written by: James Delahunty @ 3 Aug 2011 14:51
Tags
Android
Advertisement - News comments available below the ad
  • 5 comments

  • Mysttic

    I'd race to check my cell, but my wife has it at work.... dah well.

    3.8.2011 16:27 #1

  • KillerBug

    Someone needs to hack this so that it can be used to record your calls and upload them to your own server instead...I would love to have my phone auto-upload all my calls to my webserver.


    4.8.2011 00:51 #2

  • plazma247

    @ killer if your on a rooted device you can probably do this now with a background cron and ssh rsa password less login and a simple script:

    http://www.imoseyon.com/2011/02/cron-on-android-is-awesome.html
    and
    http://code.google.com/p/rsyncdroid/

    Should do it, then just point rsync at your call recorders folder and offload it once a day or what ever period ;)

    5.8.2011 10:13 #3

  • s_c47

    Oh yeah? They want to listen to my voice mails from bill collectors? Go right ahead.

    Someone told me once that theres a right and wrong, and that punishment would come to those
    who dare to cross the line.
    But it must not be true for jerk-offs like you.
    Maybe it takes longer to catch a total a__hole.

    16.8.2011 12:17 #4

  • plazma247

    @killer another possible solutions which would work over your local lan, is i think andsmb on droid or one of the android smb clients has an option to auto sync between shares remotely ;) i had completely forgot about it... anyway probably a far more simple solution, although its not going to be over the air like my first suggestion :)

    17.8.2011 00:16 #5

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud