Evil Android Trojan records your calls
Spy on the wire
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Criminals have increased the functionality of Android Trojans with a new strain that is capable of recording, and not just logging, conversations on compromised smartphones.
Previous mobile malware strains for Google's mobile platform had the ability to log the duration and numbers of incoming and outgoing calls. The new malware goes further than this by capturing the content of conversations before storing them on the SD-slot memory card of infected Android phones.
These conversations may then be uploaded to a server under the control of hackers, according to tests of the malware by security researchers from CA in a closed environment. "Once the malware is installed in the victim device, it drops a 'configuration' file that contains key information about the remote server and the parameters," CA researcher Dinesh Venkatesan explains.
The as-yet-unnamed malware doesn't have the ability to install by itself. Victims would need to agree to install the application, agreeing to grant it permissions including record audio, read the state of a phone and prevent it from sleeping.
As such, the malware looks like a prototype of some sort, minus the social engineering trickery to disguise it as a game or some such that users might be tricked into installing, or perhaps a tool for suspicious spouses to use against their partners.
More details of the malware, including screenshots, can be found in a blog post by CA here. ®
COMMENTS
Permissions
Google needs to sort out the permissions for Android, making them more fine-grained and, where possible, using listeners or having apps interact with services on the phone instead of having access to hardware. I'm not an Android developer so I might be mistaken about the setup but from looking at the details of the permissions for apps in the Android Market I believe they make users grant unnecessary control when apps need a small amount of permissions for valid reasons.
There are also apps which require permissions which don't seem to be valid at all, which cautious users ought to avoid if they want to be trojan-free. But when examples of this include the latest Facebook app, which asks for permission to read, send and delete SMS messages (without mentioning any SMS-related functionality on its Market page) it looks like people are being conditioned to grant whatever permissions an app requests. Facebook is probably just trying to find out more about our "social graph" without letting us know and doesn't intend to delete our messages, but needing permission to delete SMS in order to read SMS is something which Google needs to fix.
Facebook requires the following:
SEND SMS MESSAGES
Allows application to send SMS messages. Malicious applications may cost you money by sending messages without your confirmation.
RECEIVE SMS
Allows application to receive and process SMS messages. Malicious applications may monitor your messages or delete them without showing them to you.
READ SMS OR MMS
Allows application to read SMS messages stored on your device or SIM card. Malicious applications may read your confidential messages.
EDIT SMS OR MMS
Allows application to write to SMS messages stored on your device or SIM card. Malicious applications may delete your messages.
Just what I've been looking for
a way to record my conversations. Wish there was a benevolent app for that.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
