Android Malware Eavesdrops, Records Your Conversations

Now there’s no question that Android’s flexibility has endeared it self to many a smartphowner out there, but I’d imagine that not everyone is as cognizant about security as they should be.

Case in point: a nasty new bit of Android malware discovered by security researcher Dinesh Venkatesan at CA Technologies records all of your conversations to your SD card when activated.

The process by which it does this is deceptively simple, at least at first glance. When the infected app is installed, it drops a configuration file onto the device (no word on where specifically in the filesystem it goes) that specifies the “remote server and the parameters.” Once the payload is on the device, it is automatically activated as soon as the infected machine makes an outgoing phone call. Venkatesan tested the malware in two mobile emulators with identical results — a new folder appearing on the SD card at /shangzhou/callrecord with .amr recordings of each “conversation”.

Scary stuff, no? Well, to be fair, it would be scarier if it weren’t for one thing: like every other Android app out there, you actually have to approve the thing before it installs. Honestly, though I try to be aware of these things, I’ll often just hammer on the screen when the installation prompt pops up. I’m sure I can’t be the only one (although the TechCrunch audience is clearly savvier than most), but with more malware moving into the mobile space, let’s all try and exercise a bit more caution, shall we?