AfterDawn: Tech news

Android trojan records, uploads phone calls

Written by James Delahunty (Google+) @ 03 Aug 2011 14:51 User comments (5)

Android trojan records, uploads phone calls CA Security Advisory details Android call snooping trojan.
There has been a lot of attention focused lately on the growth of malware in circulation for the popular Android smartphone operating system. Some past discoveries include applications that leak private information on Internet and other use, record text messages and information on calls made and received which can be uploaded to a remove server.

This new Trojan takes things a step further by actually recording phone calls to local storage in the AMR format before uploading them to a server specific by the attacker.

The Trojan dubs itself the "Android System Messenger" and asks for permission upon installation to be allowed to incept outgoing calls. This should act as a warning for users, but the truth is most users see these messages all too often and end up just ignoring them. The same problem is seen with User Account Control prompts on Windows, where users allow a program to execute even if they have no idea what it is.

When installed, the malware drops a configuration file to the device which will include information on the remote server to upload the files. When a call is made, the conversation is recorded to a .amr file located in a directory "shangzhou/callrecord". The directory hints at a Chinese origin for the malware.

The amount of malware targeting Android has exploded in the past year, due to the large use of "unauthorized" App markets, though the number of dodgy applications even found in Google's market has increased dramatically. Android's wide usage globally also gives every incentive for malware peddlers to target it.

Tags: Android
Previous Next  

5 user comments

13.8.2011 16:27

I'd race to check my cell, but my wife has it at work.... dah well.

24.8.2011 0:51

Someone needs to hack this so that it can be used to record your calls and upload them to your own server instead...I would love to have my phone auto-upload all my calls to my webserver.



35.8.2011 10:13

@ killer if your on a rooted device you can probably do this now with a background cron and ssh rsa password less login and a simple script:

http://www.imoseyon.com/2011/02/cron-on-android-is-awesome.html
and
http://code.google.com/p/rsyncdroid/

Should do it, then just point rsync at your call recorders folder and offload it once a day or what ever period ;)

This message has been edited since its posting. Latest edit was made on 05 Aug 2011 @ 10:13

416.8.2011 12:17

Oh yeah? They want to listen to my voice mails from bill collectors? Go right ahead.


Someone told me once that theres a right and wrong, and that punishment would come to those
who dare to cross the line.
But it must not be true for jerk-offs like you.
Maybe it takes longer to catch a total asshole.

517.8.2011 0:16

@killer another possible solutions which would work over your local lan, is i think andsmb on droid or one of the android smb clients has an option to auto sync between shares remotely ;) i had completely forgot about it... anyway probably a far more simple solution, although its not going to be over the air like my first suggestion :)

Comments have been disabled for this article.

News archive