Android Trojan records conversations, can send them to bad guys

Android Trojan records conversations, can send them to bad guys

Summary: A new Android Trojan that can log calls, record whole conversations and even send them to the bad guys has been discovered by security firm CA.

SHARE:
TOPICS: Security
54

A new Android Trojan that can log calls, record whole conversations and even send them to the bad guys has been discovered by security firm CA.

Earlier Trojans have been capable of logging call details, but this is the first one seen that can actually make a complete recording of the conversation.

After the malware finds itself onto a Android handset, it asks for a whole bunch of permissions - which should raise a number of red flags.

Once the malware is given the required permissions by the user, it installs a configuration file that contains remote server access information.

Now it's ready to start recording conversations, which are stored on the microSD card in .AMR files.

Best defense against this sort of malware is to pay attention to the permissions that the app is asking for. Ask yourself - does this app really need all these capabilities? If in doubt, say no!

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

54 comments
Log in or register to join the discussion
  • Message has been deleted.

    Dietrich T. Schmitz, *~* Your Linux Advocate
    • RE: Android Trojan records conversations, can send them to bad guys

      @Dietrich T. Schmitz, *~* Your Linux Advocate
      Oops your reputation was at stake and now it is gone ;)
      browser.
      • RE: Android Trojan records conversations, can send them to bad guys

        @browser. I want to upvote this so hard.
        rberman
      • RE: Android Trojan records conversations, can send them to bad guys

        @browser. He didn't stake his reputation on Android. But his "I stake my reputation remarks" are dumb.
        snoop0x7b
      • RE: Android Trojan records conversations, can send them to bad guys

        @browser. Ha ha ha ha :-)
        non-biased
    • RE: Android Trojan records conversations, can send them to bad guys

      @Dietrich T. Schmitz, *~* Your Linux Advocate

      That's nice, except you presume the malware is distributed through Google's app store. The article doesn't say that. There are other app stores (e.g. Amazon) and any site can provide an app. If the user has indicated the system can get apps from non-Google sources, it can be anywhere.

      So ok, can you tell me that applications installed to Linux from ANYPLACE are malware free?

      No, oh mighty "linux advocate", you can't.
      rberman
      • RE: Android Trojan records conversations, can send them to bad guys

        @rberman This works the EXACT same way the trojan on iOS works. PLEASE tell us your point!

        By that I mean you have to "install" it to do any harm. Do you honestly think there is no way to get non Jobs approved apps onto an iPhone?
        blueskip
    • RE: Android Trojan records conversations, can send them to bad guys

      @Dietrich T. Schmitz, *~* Your Linux Advocate

      I refer you to ZDNet, same columnist:

      http://www.zdnet.com/blog/hardware/how-much-more-malware-is-lurking-in-linux-official-repositories/8615
      jgm@...
    • Message has been deleted.

      cartman00000001
    • RE: Android Trojan records conversations, can send them to bad guys

      @Dietrich T. Schmitz, *~* Your Linux Advocate
      Switch to iPhone, problem solved.
      Switch to a non-smartphone. problem solved.
      hiraghm@...
  • Source of Malware?

    Adrian, I've drilled down on the links to ascertain the source of the malware in question.

    I can't verify the source, can you?
    If it isn't in the Android Market, then 'caveat emptor' Folks
    Dietrich T. Schmitz, *~* Your Linux Advocate
    • Except that the appeal of Android was that you weren't

      locked into an App store.
      fr_gough
      • RE: Android Trojan records conversations, can send them to bad guys

        @fr_gough You're not. What's your point? That if you install random apps from random places you might get malware?

        Maybe you just didn't make any point.
        rberman
      • RE: Android Trojan records conversations, can send them to bad guys

        @fr_gough That is part of the appeal, but that part of the appeal generally only applies to those of us who are smart enough to want to do that, hence we vet our apps.
        snoop0x7b
      • RE: Android Trojan records conversations, can send them to bad guys

        @rberman I think his point is that all the Apple haters would bash the iPhone for only being about to load apps from the App Store while Android devices were not limited to only the Google Market. Once Malware started popping up from other sources those same people start saying they don't recommend downloading apps from places other than the Market.
        non-biased
    • RE: Android Trojan records conversations, can send them to bad guys

      @Dietrich T. Schmitz, *~* Your Linux Advocate

      So what you are stating is that a closed source, proprietary system is more secure than an open platform?
      Your Non Advocate
  • Message has been deleted.

    Dietrich T. Schmitz, *~* Your Linux Advocate
    • RE: Android Trojan records conversations, can send them to bad guys

      @Dietrich T. Schmitz, *~* Your Linux Advocate
      Hmm, why didn't you ask the same when there was outrage about Malware on OSX and Windows? Where were you and what were you doing then? Once the system (any system for that matter) allows side loading, you really can't blame user because the system providers should go extra mile to think about users that have no clue about security and other and make sure it is secured.
      Ram U
      • RE: Android Trojan records conversations, can send them to bad guys

        @Rama.NET <br>You are very argumentative without a point or reason. <br>It's not outrage, it's just an argument against something that reeks of hysteria inducing headlines. The article leads one to believe that this was found on the android market. Since you can download the Android SDK and make an app for free (I have). You could also just as easily make a malware app and claim that you "Found and app containing malware". It means nothing it there are not infected handset.<br>Blaming the ability to side load is like blaming a computer for allowing my to hit it with a hammer. Yeah, I can do it, but that's there a risk/reward that is involved and you don't have to base your business model on the lowest common denominator of people.
        nickmcel
      • The User Is the Only One to Blame

        @Rama.NET
        If someone is willing to install anything from anywhere, then they can't be protected without handcuffs. I'd rather be savvy to the dangers than be handcuffed.
        CFWhitman