Malware calling: the Android Trojan that records your phone calls
Researchers at CA Technologies are reporting on a newly discovered Trojan, a form of mobile malware that tricks users into installing it and then records every voice call the phone makes. This type of spyware is scary and invasive, and it highlights just how much damage malware can do on a smartphone. What is perhaps even more disturbing than the malware’s ability to act completely under the radar is how quickly mobile malware’s complexity is outpacing users’ awareness of mobile threats.
In fact, earlier this year, researchers in Hong Kong developed a proof-of-concept Trojan for Android called Soundminer that can monitor phone calls and record when a person mentions a number – for example their credit card number. Where these kinds of technical breakthroughs are made, the criminals are never far behind.
To date, this type of covert functionality has only been seen in commercial spyware. Whilst there is no solid evidence that this threat has yet made it into the wild, it is newsworthy in that the program has hidden itself inside a legitimate-looking Android install screen. The criminals are betting that the average mobile user will assume that the program is something he or she downloaded and will click “install.” The criminals may very well win this type of bet.
Mobile users have proven that they are more trusting of install prompts, IMs, web site invites, and a host of other threats that come to their mobile phone. Ironically, many of the same users would not fall victim in a PC environment.
At AdaptiveMobile, we have seen mobile users who are aware of malware, phishing, viruses and the like admit to clicking on SMS messages, allowing install prompts or accessing unfamiliar mobile web sites. Quite simply: mobile is considered a “safe” communication tool and browsing environment, even by those who have some knowledge of mobile security.
All mobile users should be aware of what they are doing on mobile. By taking a few simple steps, such as only downloading an app from a legitimate source, scrutinising every download and its permissions, and only ever clicking links in, or responding to, texts and emails from sources that are completely trusted, users can ensure that they are as safe – or safer – in the mobile realm than they are on a PC.
For more on the fast-evolving nature of mobile security threats, take a look at the report we published earlier this year.
Ciaran Bradley, VP Handset Security, AdaptiveMobile