A security researcher has identified a new piece of Chinese-made Android spyware that can record a user’s calls on their Android smartphone.
This new malware taps phone-calls and records them onto the phone’s SD card or internal storage, storing the resultant ‘.amr’ files at /shangzhou/callrecord. In addition, this eavesdropping malware installs a configuration file that contains details of a remote server – ready for uploading your taped calls to the hackers.
China-based Android users are more at risk from this Chinese-made spyware, as it is more likely to be implanted into pirated apps that are available from numerous shady third-party app stores or BBS.
Note that this is not just one application, but a piece of code that’s out there on the web that a hacker could compile and attach to an app. It’s not available in Google’s Android Market, and no apps from that official source have yet been found with this spyware.
The security researcher who uncovered this malware was Dinesh Venkatesan, who works at CA Technologies. He warns that if this malicious code is put into an app, then that app will show some unusual permissions on the pre-installation ‘Do you want to install this application?’ page (pictured right). People who download apps from alternative sources should look out for “record audio” and “intercept outgoing calls” on the list of an Android app’s permissions.
It’s precisely because of such dangers that one app publisher, App Store Connect (ASC), recently teamed up with Tencent’s new mobile security lab. ASC distributes a lot of global titles on various Chinese Android app stores, and felt that such security testing and authentication was the best way to guarantee the safety, and authenticity, of an app.
With this particularly devious code out there, Android users are advised to stick to downloading apps only from quality app publishers on more official channels, such as Google’s own Market and the Amazon App Store – or also the Chinese download site Downjoy.com, which has an official deal with Rovio to distribute Angry Birds in China.
[Source: CA technologies]