The Trojan records calls in AMR format, and then stores the recorded call in a directory shangzhou/callrecord on the SDCard. The malware also "drops a 'configuration' file" that contains key information about a remote server and the parameters necessary to communicate with it. It's possible, therefore, that the malware wants to upload the recorded calls to a server maintained by the attacker.
The CA researched tested the Trojan in "a controlled environment with two mobile emulators running along with simulated Internet services." Apparently, the Trojan requires manual acceptance to install, infecting a system only if the Android device owner taps the "install" button on screen that looks a lot like the installation screens of legitimate apps.
Once infected by the Trojan, every phone call triggers the malware to begin recording the call and storing it on the device's SD card.
While Apple has taken criticism for somewhat draconian App Store approval processes, those processes mean that the store's apps are curated and malware doesn't get into the marketplace. Meanwhile, the Android Market is much more open, but it has been hit with malware submissions previously, including malware disguising itself as valid apps.
Stay tuned with us at Facebook & Twitter and Subscribe Email to get updates on latest Tech Updates.
0 Comments