A malware has been detected by a CA security researcher which is said to be capable of recording phone conversations on Android devices. Earlier the same company had found a similar Trojan that logged the details of incoming and outgoing phone calls and the call duration. This new malware records the actual phone conversations in AMR format and stores the recordings on the device’s SD card.
CA security researcher Dinesh Venkatesan says that the malware also “drops a ‘configuration’ file that contains key information about the remote server and the parameters” perhaps suggesting that the recorded calls can be uploaded to a server maintained by an attacker. He has tested the Trojan in a controlled environment with two mobile emulators running along with simulated Internet services. The results show that the Trojan can only be installed if the Android device owner clicks the install button on a message that looks strikingly similar to the installation screens of legitimate applications. After the malware and the remote server configuration file are installed on the Android device, making a phone call triggers the payload, recording the call and storing it on the SD card.