Friday, 7 October 2011

Android Trojan Taps Your Phone Calls



CA reports on its Security Advisor Research Blog about a trojan for Android that records phone conversations.

It was recently pointed out that the design of Android is creating many new opportunities for malware on phones, and this is another great example. When you install an Android application, it can ask you for permission to perform various actions. Some of these, such as access to the SD card, are common and probably unobjectionable, but others could give the app dangerous power.
 


This particular trojan, unnamed by CA, asks for permission to intercept phone calls, to record audio and who knows what else.

When you make a phone call, the trojan awakens and records the call as a .amr file in the shangzhou/callrecord directory on the SD card. It's just possible that the directory name is a clue to the trojan's origins (Wikipedia says Shangzhou "is a district of Shangluo, Shaanxi, China"). The files are sent on to a server specified in a configuration file.

The permissions dialog in Android is turning out to be the critical point for malware. You can ask for a lot. Probably very few users scrutinize the list or would understand it if they did. This is likely a design that Google will have to modify in future versions.
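The combination of permissions matters more than any single entry in the list. As an added example (not code from CA's report or from this post), the Python check below reads a decoded AndroidManifest.xml and flags the call-recording combination described above. The permission names are an assumed mapping of the capabilities the post mentions, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: these permission names are my mapping of the capabilities the
# post describes; the post itself does not list the trojan's permissions.
CAPABILITIES = {
    "observe_calls": {"android.permission.READ_PHONE_STATE",
                      "android.permission.PROCESS_OUTGOING_CALLS"},
    "record_audio": {"android.permission.RECORD_AUDIO"},
    "write_sd_card": {"android.permission.WRITE_EXTERNAL_STORAGE"},
    "network": {"android.permission.INTERNET"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def audit(manifest_xml):
    """Map permissions to capabilities and flag the call-recording combination."""
    perms = requested_permissions(manifest_xml)
    present = {cap for cap, names in CAPABILITIES.items() if perms & names}
    findings = []
    # Individually common permissions matter when they appear together.
    if {"observe_calls", "record_audio"} <= present:
        findings.append("can record audio while observing call state")
        if "write_sd_card" in present:
            findings.append("can store recordings on the SD card")
        if "network" in present:
            findings.append("can send recordings to a remote server")
    return sorted(present), findings

def manifest(*perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    body = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.constructed">%s</manifest>' % body)

SAMPLE_RECORDER = manifest("READ_PHONE_STATE", "RECORD_AUDIO",
                           "WRITE_EXTERNAL_STORAGE", "INTERNET")
SAMPLE_GALLERY = manifest("WRITE_EXTERNAL_STORAGE", "INTERNET")

if __name__ == "__main__":
    for name, xml in (("recorder", SAMPLE_RECORDER), ("gallery", SAMPLE_GALLERY)):
        print(name, audit(xml))
```

A flagged manifest is a prompt for review, since legitimate call-recording apps request the same set.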
