Android Trojan records your phone conversations

The malware is launched after a user tries to place a call. The conversation is stored in the .amr file format, research at CA say.

Don Reisinger
Don Reisinger
Former CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.
2 min read
A look at where the Trojan saves conversations on the SD card.
A look at where the Trojan saves conversations on the SD card. CA Technologies

A new Android Trojan has been discovered that records your phone conversations, according to IT service provider CA Technologies.

According to CA security researcher Dinesh Venkatesan, the malware only runs after users unwittingly install it onto their Android-based devices. To coax users into doing so, the Trojan mimics a standard installation screen for legitimate applications. If users click "install," a configuration file is added to the handset with "key information about the remote server and the parameters," suggesting that the calls can be accessed over the Web by the malware's creator.

Once a user places a call, the malware kicks into action, recording the conversation onto the device's installed SD card in a directory called "shangzhou/callrecord." CA Technologies said that the malware saves the conversation as an ARM file.

Related stories:
Malicious apps removed from Android Market
More malware targeting Android
12 tips for mastering Android
Symantec: Malware masquerading as Android apps

This latest discovery joins a growing number of threats Android users face. Last month, security researchers detailed newly discovered malware, including a variant of the DroidDream Trojan that plagued applications Google removed from its Android Market earlier this year. The researchers also found a Trojan designed to steal bank passcodes sent over SMS. According to the security firms, the malware can operate on its own, meaning users don't need to launch the app for it to infect a device.

"It is already widely acknowledged that this year is the year of mobile malware," Venkatesan said in a blog post discussing the latest malware discovery. "We advise the smartphone users to be more logical and exercise the basic security principles while surfing and installing any applications."

So, what are those principles? For one, users should only install applications from trusted sources. Users should also examine permissions, to ensure they match up with the respective application's core features. And perhaps most importantly, users should run antivirus software on their handsets to safeguard themselves from some threats.