Word on the street is that a new Android trojan will save audio of all your phone calls and open them up for access by a remote server. Lucky for you, it’s only word on the street; the trojan has not been spotted in the wild, yet. A blog post by an employee of Total Defense details the trojan’s MO. Apparently, it poses as an Android System Message that requires users to press “install.”
After being activated, the trojan will record all of your calls and save them to the phone’s memory, only exporting them to a remote server after receiving a request from the trojan’s operator. Like a fake video calling app that showed up on Facebook, this trojan does sort of give itself away by mentioning all the sketchy things you are giving it permission to do, like “record audio,” so an attentive user might be suspicious. Hiding behind an official looking system message does lend it some authority, however.
You might wonder what someone would want with all your phone calls anyway, and the answer is probably identification. If a hacker can find a call where you identified yourself to your bank, for instance, they would have all the information they needed to do the same. Fortunately, finding something like that requires sifting through a lot of garbage data, which makes it less than appealing for the hacker on the go.
As mentioned before, this particular trojan has yet to be found out and about, but it would appear that it still exists as a proof of concept. A proof of scary concept. So, keep that in mind next time you hit the install button on your Android, or on any device for that matter. And while you’re at it, might as well keep that in mind every time you install anything.
(via Ars Technica)
Published: Aug 2, 2011 05:39 pm