New Android Trojan records voice calls

first_imgIt’s not exactly a secret that the Android Market has had a few problems with Trojanized applications. Cybercriminals typically find a popular app, modify it to include their malicious payload, and then re-upload it to the market where it poses innocuously as the original. Once a confused user downloads the infected app, his or her Android device is ready to share all sorts of juicy details with the Trojan’s creator — including text messages, call and contact information, and even complete audio recordings of phone calls.That last bit is a brand new twist, discovered by Computer Associates security researchers. The new Trojan appears to be a variant of the Golddream.A Trojan but has evolved beyond its original capabilities. Golddream could already store and transmit basic information about an infected user’s calls, like the caller’s number and start and stop time. With this “update,” the Trojan can now record the full call audio to an Android phone’s microSD expansion card (assuming one is installed, of course). Once recorded, the audio files can be uploaded to a remote server.Why bother recording call audio? For starters, it could make for a deadly one-two punch when paired with a spear phishing attack. It’s also an incredibly devious way to harvest answers to the verification questions your bank or credit card company requests when you call in. Sure, it’d be a pain to sift through all the recorded calls a Trojan like this uploaded (if it enjoyed any kind of success), but calls to financial institutions could be easily weeded out using their phone numbers.The moral of the story: read carefully before installing apps on an Android device and — especially if you’re someone who tries out dozens of apps every week — install a good antimalware app.More at CA and Network Worldlast_img

0 thoughts on “New Android Trojan records voice calls”

Leave a Reply

Your email address will not be published. Required fields are marked *