Hardware 2.0

Android Trojan records conversations, can send them to bad guys

By Adrian Kingsley-Hughes | August 2, 2011, 4:00am PDT

Summary: A new Android Trojan that can log calls, record whole conversations and even send them to the bad guys has been discovered by security firm CA.

A new Android Trojan that can log calls, record whole conversations and even send them to the bad guys has been discovered by security firm CA.

Earlier Trojans have been capable of logging call details, but this is the first one seen that can actually make a complete recording of the conversation.

After the malware finds its way onto an Android handset, it asks for a whole bunch of permissions - which should raise a number of red flags.

Once the malware is given the required permissions by the user, it installs a configuration file that contains remote server access information.

Now it’s ready to start recording conversations, which are stored on the microSD card in .AMR files.

The best defense against this sort of malware is to pay attention to the permissions that the app is asking for. Ask yourself - does this app really need all these capabilities? If in doubt, say no!
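
The "does this app really need all these capabilities?" question can also be asked of an app's manifest once it has been decoded to text XML. The sketch below is an added example, not code from the article or from CA: the mapping from the behaviour described above (record, store on the SD card, send to a server) to Android permissions is an assumption, and the function names and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from behaviour in the article to Android permissions;
# the article itself does not list the permissions the Trojan requests.
CAPABILITIES = {
    "record audio": {P + "RECORD_AUDIO"},
    "watch call state": {P + "READ_PHONE_STATE", P + "PROCESS_OUTGOING_CALLS"},
    "write to SD card": {P + "WRITE_EXTERNAL_STORAGE"},
    "contact remote server": {P + "INTERNET"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def audit(manifest_xml, expected=()):
    """Compare requested capabilities with those the app's purpose explains.

    expected: capability labels the reviewer considers justified for this app.
    """
    perms = requested_permissions(manifest_xml)
    present = [cap for cap, names in CAPABILITIES.items() if perms & names]
    return {
        "capabilities": present,
        "unexplained": [cap for cap in present if cap not in expected],
        # All four together are enough to record a call and upload it.
        "can_record_and_upload_calls": len(present) == len(CAPABILITIES),
    }

def manifest(package, *perms):
    """Build a constructed sample manifest (test data, not a real app)."""
    uses = "".join('<uses-permission android:name="%s%s"/>' % (P, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, uses))

# Constructed samples: a wallpaper app asking for far too much, and a
# voice-memo app whose requests match what it says it does.
WALLPAPER = manifest("com.example.wallpaper", "RECORD_AUDIO", "READ_PHONE_STATE",
                     "WRITE_EXTERNAL_STORAGE", "INTERNET", "SET_WALLPAPER")
VOICE_MEMO = manifest("com.example.voicememo", "RECORD_AUDIO", "WRITE_EXTERNAL_STORAGE")

if __name__ == "__main__":
    print(audit(WALLPAPER))
    print(audit(VOICE_MEMO, expected=("record audio", "write to SD card")))
```

The wallpaper sample is flagged because every capability it requests is unexplained by its purpose; the voice-memo sample requests audio and storage access that its function accounts for and cannot reach the network.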

Disclosure

Adrian Kingsley-Hughes

All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.

Biography

Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.

Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs. His most recent books include "Build the Ultimate Custom PC", "Beginning Programming" and "The PC Doctor's Fix It Yourself Guide". He has also written training manuals that have been used by a number of Fortune 500 companies.

Adrian also runs a popular blog under the name The PC Doctor, where he covers a range of computer-related topics -- from security to repairing and upgrading.

54 Comments

RE: Android Trojan records conversations, can send them to bad guys
non-biased 5th Aug
@CFWhitman I agree but have to ask, why is it the same people that will defend Android's security due to the need for the user to take action to install did not see it the same way with the recent malware issue that Macs had?
Message has been deleted.
Dietrich T. Schmitz, *~* Your Linux Advocate Updated - 3rd Aug
@Dietrich T. Schmitz, *~* Your Linux Advocate
Oops your reputation was at stake and now it is gone wink
@browser. I want to upvote this so hard.
@browser. He didn't stake his reputation on Android. But his "I stake my reputation remarks" are dumb.
@browser. Ha ha ha ha happy
@Dietrich T. Schmitz, *~* Your Linux Advocate

That's nice, except you presume the malware is distributed through Google's app store. The article doesn't say that. There are other app stores (e.g. Amazon) and any site can provide an app. If the user has indicated the system can get apps from non-Google sources, it can be anywhere.

So ok, can you tell me that applications installed to Linux from ANYPLACE are malware free?

No, oh mighty "linux advocate", you can't.
@rberman This works the EXACT same way the trojan on iOS works. PLEASE tell us your point!

By that I mean you have to "install" it to do any harm. Do you honestly think there is no way to get non Jobs approved apps onto an iPhone?
Message has been deleted.
cartman00000001 Updated - 3rd Aug
@Dietrich T. Schmitz, *~* Your Linux Advocate
Switch to iPhone, problem solved.
Switch to a non-smartphone. problem solved.
Source of Malware?
Dietrich T. Schmitz, *~* Your Linux Advocate 2nd Aug
Adrian, I've drilled down on the links to ascertain the source of the malware in question.

I can't verify the source, can you?
If it isn't in the Android Market, then 'caveat emptor' Folks
locked into an App store.
@fr_gough You're not. What's your point? That if you install random apps from random places you might get malware?

Maybe you just didn't make any point.
@fr_gough That is part of the appeal, but that part of the appeal generally only applies to those of us who are smart enough to want to do that, hence we vet our apps.
@rberman I think his point is that all the Apple haters would bash the iPhone for only being able to load apps from the App Store while Android devices were not limited to only the Google Market. Once Malware started popping up from other sources those same people start saying they don't recommend downloading apps from places other than the Market.
@Dietrich T. Schmitz, *~* Your Linux Advocate

So what you are stating is that a closed source, proprietary system is more secure than an open platform?
Message has been deleted.
Dietrich T. Schmitz, *~* Your Linux Advocate Updated - 3rd Aug
@Dietrich T. Schmitz, *~* Your Linux Advocate
Hmm, why didn't you ask the same when there was outrage about Malware on OSX and Windows? Where were you and what were you doing then? Once the system (any system for that matter) allows side loading, you really can't blame user because the system providers should go extra mile to think about users that have no clue about security and other and make sure it is secured.
@Rama.NET
You are very argumentative without a point or reason.
It's not outrage, it's just an argument against something that reeks of hysteria inducing headlines. The article leads one to believe that this was found on the android market. Since you can download the Android SDK and make an app for free (I have). You could also just as easily make a malware app and claim that you "Found an app containing malware". It means nothing if there are not infected handsets.
Blaming the ability to side load is like blaming a computer for allowing me to hit it with a hammer. Yeah, I can do it, but there's a risk/reward that is involved and you don't have to base your business model on the lowest common denominator of people.
@Rama.NET
If someone is willing to install anything from anywhere, then they can't be protected without handcuffs. I'd rather be savvy to the dangers than be handcuffed.
@CFWhitman I agree but have to ask, why is it the same people that will defend Android's security due to the need for the user to take action to install did not see it the same way with the recent malware issue that Macs had?
Dietrich - Slow day? LOL

You bring up some good points but to restrict one to the Google Android Market is in essence a voluntary walling off. One of the selling points of Android is its openness vs Apple's iOS. Besides as you say the source is as yet to be determined and very well could be the Google Marketplace which has had several issues with malware laden apps. It'll be interesting to find out the source of this latest malware.

Adrian put it well when he said: Ask yourself - does this app really need all these capabilities? If in doubt, say no!
Message has been deleted.
Dietrich T. Schmitz, *~* Your Linux Advocate Updated - 3rd Aug
But he's staking his reputation on it
William Farrell 2nd Aug
@Dietrich T. Schmitz, *~* Your Linux Advocate

But I noticed you haven't.
This isn't a sensational article, it's a factual assessment of a problem with Android.

Like the social engineering Mac Defender, if you run around telling everyone that "Linux/Android is the safest OS on the planet, so you're fine" then people don't question when an app like this asks for your permission.

You have to realize that Linux/Android is far from safe.

The proof is in the news each week.
Unless the source is confirmed
Dietrich T. Schmitz, *~* Your Linux Advocate 2nd Aug
@William Farrell
This can happen to *anyone*.

That's why Walled Gardens are made--to ensure the integrity of files and provide control over distribution.

Cut back on the DayQuil.
@Dietrich T. Schmitz, *~* Your Linux Advocate
Nope, I can show some of the apps that were already marketed through Android Market and it took a while for Google to pull them out and it happens regularly. It is not the technology that has failed, but it is the stupid system that has no control on any app.
Not taking issue with that.
Dietrich T. Schmitz, *~* Your Linux Advocate 2nd Aug
@Rama.NET

In fact I set my expectation of Google in my top thread. That is clear.
@Dietrich T. Schmitz, *~* Your Linux Advocate
So, why don't you admit that Android is not Linux. It is a perversion of Linux modified by Google for their commercial purposes. It is not Open Source. It is Google spyware.

In fact, it does not need a trojan, because it is a trojan which transmits all that information to Google in any case.
@Dietrich T. Schmitz, *~* Your Linux Advocate
You've made some good points, and if your words continue to fall on deaf ears, you may as well not waste your breath. "Haters gonna hate," as they say, and some folks are less than willing to accept at least part of a person's position if they're opposed to any of it. *shrug* =)
Not falling on deaf ears, instead
William Farrell 2nd Aug
@SenorAlejandro

Instead that it has been shown that what he's saying isn't true many times.

The Android market has shown that it has had problems like this before, and similar issues have come up in Linux Repositories.

Claiming it doesn't happen to Canonical as a reason it shouldn't happen to Google is irrelevant as Google/Android is totally different than Canonical/Ubuntu - totally different OS's, geared towards totally different users, with different expectations.
@Dietrich T. Schmitz, *~* Your Linux Advocate

Sigh. Meanwhile, a Ubuntu user can add any repository they want and end up with Malware, JUST LIKE THE ANDROID PHONE. Same with ANY Linux distribution; I'm not picking on Ubuntu here.
That Position Makes No Sense
CFWhitman 2nd Aug
@William Farrell
No operating system is safe from the administrator. If the administrator of the system is going to install malware, there is no stopping him. That doesn't mean that the operating system is unsafe. A (relatively) "safe" operating system is one that protects the user from malware installed without the administrator's approval.

If you want to be "safe" from installing malware yourself, then you have to either learn not to install malware yourself or give up administrative rights. Personally, I prefer to not install malware myself and keep my administrative rights.

All that having been said, I'm not completely convinced that Android is necessarily a safe operating system. It's not really an operating system based on Unix principles like Linux (i.e., GNU/Linux, which is generally what people mean when they just say "Linux"). Google doesn't have a ton of experience developing operating systems, so I'm waiting to see. I'm not convinced it's an unsafe operating system either. A million Trojans that the user has to be goofy enough to install himself won't influence my opinion either way.

The Marketplace, though, should be vetted, and the user should have some expectation of safety with official Marketplace apps. Google's record there has been far from stellar so far.

"Similar issues have come up in Linux Repositories"?
Uh-huh. I've never seen one. I'll grant you that Arch Linux fails to sign their packages, so it would probably be vulnerable to issues (probably my biggest reason not to use it). I'm thinking, though, that you're talking about a bogus package that was planted on some Gentoo secondary servers after someone obtained a password to one, and which threw a security error for a mismatched signature (big red flag).
suspicion? Android apps are famous for wanting all sorts of permissions when they install.
@fr_gough

How do you know? Do you own an android?

Just asking.
@Return_of_the_jedi
as Apple doesn't give you a choice, they know what they want.
@jorjitop
Really! The Illuminati created android along with the Bilderbergs to rob you of your first born?
I think I heard your mom telling you to get off the computer. Sesame Street and snacks!!!yay!
@fr_gough The suspicion SHOULD BE generated whenever an app asks for a permission despite it not having any function which necessitates such a permission. Naturally, many apps wish to identify your phone as part of the advertisements embedded in many free apps and that much I don't mind. I openly use AdFree to block in-app advertisements, which updates the handset's hosts file to block known advertisement servers. It's quite useful; but requires a rooted handset, which is why I often recommend that to be the FIRST thing you do to it...so that you can install proper apps to manage the battery life and security of the phone. Titanium Backup (Pro optional, also a good investment), JuiceDefender (Ultimate version optional but a great investment) and Lookout
Many apps require multiple permissions to function. The Eye, or Emergency use those permissions to send emails and texts, open web pages, make a call, turn on gps, sound an alarm, etc...wallpapers don't need those. Common sense should prevail. Teach your children (and Android loving friends) about app safety. It's my android ecosystem too. We should all try and keep it safe enough to not need sensationalistic source-less articles such as this.
@cherishhellfire

agreed
It's not really a trojan unless it exploits the phone to install itself and then takes over the phone. Malware may be right, but trojan is not.
Shouldn't that be spyware?
epcraig 2nd Aug
@Jimster480 If it records and sends your conversation to someplace it would seem to be spying on you.
@Jimster480
Trojans are called that because they trick the user into installing them. The user thinks he is installing some application to perform a function that he wants. Then, either instead of the expected function, or more often, along with the expected function, the user gets some sort of malware as well. Most Trojans are some sort of adware or spyware (or both), but it's the installation vector that makes them Trojans.

"Trojan" is a reference to the Trojan Horse inside of which supposedly a number of Greek soldiers made their way into Troy so that they could open the gates and let the rest of the army in at night.

What you describe sounds more like the definition of a worm.
Droid ownership is like having a pet, there are certain places it can play and do its things and some places it can't play, like any other online tool.

The internet is a big, bad place for the eternally stupid, app crazy world. You go out, pack prophylactics and hope you don't catch anything. I paid for my anti-virus app, it was the first app I bought (AVG). I don't get anything that isn't necessary for the day's work. It's a phone and a tool, little more.
"After the malware finds itself onto a Android handset, it asks for a whole bunch of permissions - which should raise a number of red flags."

Sounds like just about every app I install...
@wendellgee@...
It's not whether an app asks for permissions; it's whether the permissions it asks for make sense. For example, a game shouldn't ask permission for phone calls. Pay attention to the permissions that your app asks for.
This article is fine in a general fashion, but what's the specific app in this case that CA caught?
if you root your phone and put in at least a halfway decent hosts file a lot of these issues would be resolved, even more if the mobile web browsers would get their act together and support proxy servers (I believe one does, but don't quote me on that)
What did you expect; it's a Google product. All Google products collect data and/or privacy information. Viva-la-Google!
God forbid individuals should take responsibility for their phones and accept the ills that happen as a result of their own lack of vigilance.
Guess those guys who'll be interested in encrypting theirs are the ones who have saved files that are for their eyes only huh. Am one of them. Nothing malicious though. Atlantic International Partnership Madrid Local News and Latest Events
