Security researchers from CA have identified a trojan for the Android platform which records phone calls and uploads them to a server under the attackers’ control.
The trojan hides itself as a service called Android System Messaging and asks for permission to intercept outgoing calls on installation.
Unfortunately, most Android users have gotten so used to these permission dialogs that they agree to them without reading or understanding what they mean.
The same kind of behavior has been observed over the years with Windows confirmation prompts, Facebook app permission requests and other routine prompts.
The app starts monitoring incoming/outgoing calls and records them on the microSD card in .amr audio format. According to the CA researchers, these files are stored in a directory named shangzhou/callrecord.
Shangzhou is a district of Shangluo, Shaanxi, China, possibly an indication of where the trojan originated or the location of its creator.
Many Android trojans are developed and spread in China or Russia, because unofficial app markets are popular there. However, sometimes their characteristics are adopted by malware writers who distribute their creations through Google’s own Android Market.
Security researchers have warned since last year that Android offers a lot of options for malware writers and that it will be increasingly targeted. Their fears were proven correct this year, when the number of such trojans exploded.
The sophistication of mobile malware has also increased significantly with more and more dangerous trojans being discovered every month. Even the ZeuS gangs have created an Android component to steal mobile transaction authentication numbers (mTANs). source: softpedia