Feeds

Evil Android Trojan records your calls

Spy on the wire

Top 5 reasons to deploy VMware with Tegile

Criminals have increased the functionality of Android Trojans with a new strain that is capable of recording, and not just logging, conversations on compromised smartphones.

Previous mobile malware strains for Google's mobile platform had the ability to log the duration and numbers of incoming and outgoing calls. The new malware goes further than this by capturing the content of conversations before storing them on the SD-slot memory card of infected Android phones.

These conversations may then be uploaded to a server under the control of hackers, according to tests of the malware by security researchers from CA in a closed environment. "Once the malware is installed in the victim device, it drops a 'configuration' file that contains key information about the remote server and the parameters," CA researcher Dinesh Venkatesan explains.

The as-yet-unnamed malware doesn't have the ability to install by itself. Victims would need to agree to install the application, agreeing to grant it permissions including record audio, read the state of a phone and prevent it from sleeping.

As such, the malware looks like a prototype of some sort, minus the social engineering trickery to disguise it as a game or some such that users might be tricked into installing, or perhaps a tool for suspicious spouses to use against their partners.

More details of the malware, including screenshots, can be found in a blog post by CA here. ®

Remote control for virtualized desktops

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.