Apple’s main mobile competitor, Android, isn’t exactly known for being the most secure platform. While Google’s ‘open’ mentality has proven beneficial in many ways for the Android OS, a non-curated system often leads to compromises in security.
We’ve already seen numerous malware programs surface on the Android OS, and the latest one is particularly villainous.
CA Technologies has discovered a new piece of Android malware that disguises itself as a normal app, but actually has a much more nefarious purpose. Upon installing and granting permissions to this seemingly harmless app, a file will be downloaded from a remote server without the user’s consent. The next time a phone call is made on the infected device, the malware in question records the call as a .amr file to the smartphone’s SD card.
“We have been recently blogging about many Android malware as the threat landscape has been witnessing an increasing trend in targeting the mobileplatforms and today we have received an Android package to our collection and observed that this piece of malware walks an additional mile by having a neat configuration and has a capability to record the telephonic conversation the infected victim makes. In one of our earlier blogs, we have demonstrated how a Trojan logs all the details of incoming/outgoing calls and call duration in a text file. This Trojan is more advanced as it records the conversation itself in “amr” format. Also it has got many other malicious activities that we have seen in many of the earlier malware incidents targeted for Android platform.”
It’s unclear as to why the Trojan saves the recorded call to an SD card, but the advanced nature of the bug suggests that it can not only download, but also upload files without the user’s consent.
One of the benefits of Apple’s closed iOS ecosystem is better security. Because Apple monitors everything that gets into the App Store, malware isn’t an issue for iPhone and iPad users.
On Android, Trojans like these will continue to pop up until some sort of curation is implemented in the Android Market. For the time being, Android users can take precautions with security software on their smartphones.
[via Redmond Pie]
Alex Heath is a journalist who works for Tech Insider. He’s the former co-host of The CultCast. He has been quoted by the likes of the BBC, KRON 4 News, and books like “ICONIC: A Photographic Tribute to Apple Innovation.” He lives in Lexington, Kentucky. If you want to pitch a story, share a tip, or just get in touch, additional contact information is available on his personal site. Follow him on Twitter.
30 responses to “Nasty Android Malware Secretly Records and Saves Your Calls [Report]”
This is an Apple blog. Why do I care about this again? I’m not hating on Android, but if this is an Apple blog, why are you posting things about Android?
Part of covering Apple, OS X, and iOS is covering the respective markets as a whole, particularly the main Apple competitors in these markets?
gotta let the herd graze
It would be better I think if they would mention the name of so called “app” instead of letting people download it they would actually inform them but I guess not.
If it is out there I am sure there are at least a few apps out there that it is attached to.
I just paid $22.87 for an iPad 2-64GB and my girlfriend loves her Panasonic Lumix GF 1 Camera that we got for $38.76 there arriving tomorrow by UPS. I will never pay such expensive retail prices in stores again. Especially when I also sold a 40 inch LED TV to my boss for $657 which only cost me $62.81 to buy. Here is the website we use to get it all from, http://to.ly/aRG4
Open source in my opinion is like having unprotected intercourse.
Check out this great apple blog for up to date news on everything apple.
Including the iPhone 5!
http://applefanboynews.com/
Finally. An Android malware. Just as i predicted from its un-curated platform. *grin*
Open source is good IF you have some sort of QC or QA process there.
Sounds like the latest News Of The World journalist app. :)
and that is why iphone is better isn’t it
Nonsense. Open source is often more secure than closed, because the code is open to scrutiny by everyone, not just a select few employees. (Don’t forget the heart of OS X, the Darwin kernel, is open source too…)
What the CA report fails to make clear is that they have NOT actually seen this thing in any apps that are available in the Android Market. See http://www.androidcentral.com/…
The usual idea is that you would use NFC to set up the link between the two devices and then do an automatic hand over to a different protocol for doing the actual transfer of data – eg Bluetooth,iphone 5
because Mac people are haters.
My Android Epic 4G is freaking awesome. Just get Lookout Security and be smart about your usage. :D I love having Flash on it. LOVE IT!