Android System Message Trojan App Records Phone Conversations

Off late, Google's Android Market has a proven record of highly susceptible to have malware infested applications. Earlier in the March this year, Google pulled 21 malware apps from the Android Market, then in May, 26 Android malware apps discovered programs; even more malicious files were found and deleted in June followed in July.Yet another, […]

Off late, Google's Android Market has a proven record of highly susceptible to have malware infested applications. Earlier in the March this year, Google pulled 21 malware apps from the Android Market, then in May, 26 Android malware apps discovered programs; even more malicious files were found and deleted in June followed in July.

Yet another, Trojan file has been discovered by CA Security this week and this is an especially nasty one. According to blog post this malware, named "Android System Message" actually records the phone user's audio conversations and stores them in the "amr" format. And, "Once the malware is installed in the victim device, it drops a "configuration" file that contains key information about the remote server and the parameters." It adds, "As the conversation goes on, the Trojan stores the recorded call in a directory shangzhou/callrecord in the SDCard."

Ars Technica adds that the malware is suppose to send that recorded conversation to a remote server. However, whomever created the code wrote it with a typo that disables this feature. And, that the "malware has yet to appear out in the general Android download community, saying it popped up on a shady "malware collection channel." Even if this malware doesn't find its way into the Android masses, people who download any Android apps should always be aware of what they are installing on to their device."

To see the payload in action, the Trojan is installed in a controlled environment with two mobile emulators running along with simulated internet services.

[Source: CA Security]