A security researcher claims to have positively identified an Android trojan capable of recording phone conversations and storing them in “amr” format.
“Once the malware is installed on the device, it drops a config file that contains key information about [a] remote server and [relevant] parameters,” Dinesh Venkatesan wrote in a CA Technologies blog post.
“Making a phone call triggers the payload. As the conversation goes on, the Trojan stores the recorded call in a directory [called] shangzhou/callrecord, [located on] the SDCard.”
Although the trojan was apparently designed to transfer the recorded call files to a remote server, Venkatesan told ArsTechnica a “typo” in the code prevented the app from executing that particular part of the program.
Fortunately, the trojan has not yet been spotted in the wild, but rather, was discovered on a “malware collection channel.”
Clearly, it was inevitable that cyber criminals would eventually code a trojan with such nefarious capabilities.
While the app is currently limited by a code error, future iterations or copycat versions of the software are likely to pose a clear and present danger to smartphone users – especially if it is stealthy and difficult for the average Android owner to detect.