Security experts at CA Technologies have revealed that a new type of malware aimed at recording user phone calls is currently affecting Android smartphones. The company had earlier discovered a Trojan capable of logging user call history and duration on a '.txt' file. This new Trojan, however, seems to be an advanced version of the previous one. What it does is install itself on the user’s phone as a legitimate application. After allowing permissions, this ‘Android App’ is capable of silently recording incoming and outgoing conversations which get stored in ‘.amr’ format on the victim’s memory card. According to the researchers at CA Technologies, an additional ‘configuration’ file gets added that contains key information about a remote server. This suggests that the files could be uploaded to a remote server maintained by the attacker.
Permissions Tab: Image source (CA Community Blog)
What’s worse, once installed, the application does not require to be started by the user. Making a phone call automatically triggers the application’s payload, which enables recording and storing of the conversations on the phone's memory card. All the conversation data gets stored in a directory called Shangzhou/callrecord in the phone’s Micro SD card.
Android malware already seems to be on the rise, and it would be beneficial for users to be extra cautious while installing new applications.